MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b13f3410d34255c7c9beeae4fbde51553801d4ceb8fc02c12fe361c56faf200e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: b13f3410d34255c7c9beeae4fbde51553801d4ceb8fc02c12fe361c56faf200e
SHA3-384 hash: 2a11f378d1084aaa4f6cc00c41b8c55299c1fb8fa9d46d8be603df07f1ac05c2c9442fada1621ca58be1df3707e38c5b
SHA1 hash: bb774a9fe1edbc0c2cc65f3e1764b426a3cfffe1
MD5 hash: 55c67637dcd3e6c7c8165d8bce8b575c
humanhash: oven-hamper-one-massachusetts
File name: fc
Signature: Mirai
File size: 982 bytes
First seen: 2025-03-03 02:41:46 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:2zKOYt3jWT6soe3TSsoe3THe3TWve3T/e3k:2zZm3jWT6mTSmTcTWUTEk
TLSH: T16F11E9533B4C74F5FBDE5E0AB2638BD968DAD09F3C830601D87892E66C905140A74F70
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://91.188.254.201/arm7 | 17f914470010441ed25e072bce54a4dd4ed8f2d0a6fbc82c549228c6bf835145 | Mirai | censys elf mirai opendir
http://91.188.254.201/mips | 5b9d2b23c12dac512fc127a47c9e1d81aa92bfdb9edc2dbaa0d85c88141cf900 | Gafgyt | elf gafgyt opendir
http://91.188.254.201/arm | 2f66b28645b910c0fcb7a751e9a0dad86fd2be825d07f45dd6ab086ec2eeafc0 | Mirai | 32-bit elf mirai opendir

Intelligence


File Origin
# of uploads: 1
# of downloads: 180
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Result
Verdict: UNKNOWN
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-03-03 06:50:13 UTC
File Type: Text (Shell)
AV detection: 5 of 38 (13.16%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments