MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1aa701c71bd5708c35a5fc1d59ab1b2981e47f32b0258e4a1fbd2b83c556058. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: b1aa701c71bd5708c35a5fc1d59ab1b2981e47f32b0258e4a1fbd2b83c556058
SHA3-384 hash: ca9484bd511f8c95eef4e91046fd60427cf21964244a72f19b750a866314f56a06fa62bc3527af7a26c2b900881d117d
SHA1 hash: f2b0e699c1ede883d0d6dfdbf3fecd2964f9db44
MD5 hash: e8867165d8930400a2d44781cc5c10f8
humanhash: two-football-oregon-idaho
File name: o.xml
Signature: Mirai
File size: 708 bytes
First seen: 2025-09-30 21:55:36 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:FzY8id/7JAC7akxGWi2jX0KTk5ja+pt+VTEinv:FzY8k1/sWi2jkFj8Th
TLSH: T1460149ECA07CCB81099DC641B1F1501444B2D0C7B1F497E5F26E4825BF489993B2261D
Magika: xml
Reporter: abuse_ch
Tags: mirai sh
URL: http://213.209.143.44/UnHAnaAW.x86
Malware sample (SHA256 hash): 3fa5a4a14056a35151506bab32705cdaabaac752616a425d913ab6c7299162e5
Signature: Mirai
Tags: elf geofenced mirai opendir ua-wget USA x86

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Labeled as: TrojanDownloader/Linux.NetLoader
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 3358) --execve--> /tmp/sample.bin (pid 3365) --clone--> /usr/bin/dash (pid 3367)
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2025-09-30 22:10:44 UTC
File Type: Text
AV detection: 9 of 38 (23.68%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b1aa701c71bd5708c35a5fc1d59ab1b2981e47f32b0258e4a1fbd2b83c556058

(this sample)

  
Delivery method: Distributed via web download

Comments