MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b40f5fd7420943d31ac58180dcdc9d8eb8d49f973be3e5791120b0189eb5e8bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: b40f5fd7420943d31ac58180dcdc9d8eb8d49f973be3e5791120b0189eb5e8bf
SHA3-384 hash: e3742429e1d877204ceff6eff7d9575cd18840ff8f02a658c5d1c1806eb2482b9ab2c431f8f23f530075d75d72fbbed9
SHA1 hash: 662efad65e25720bf7a845b737fd6b60834accfe
MD5 hash: 4b7f5c93712521b19b1e572dbd7b2524
humanhash: uranus-sodium-cardinal-uncle
File name: wget.sh
Signature: Mirai
File size: 897 bytes
First seen: 2025-04-20 14:53:46 UTC
Last seen: 2025-04-21 14:35:08 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:eiV+mxCWE+QNI9kxwA+5ySKxWH+exRI4qKA+Svq+UPC+2oeV+DJe+vx7+cA+xy9T:h7mNIqYKxS1x6wsZa8v
TLSH: T15E1188CD101429D9851FCDC3339E0E12578687E0E4AEAB35769619339CCA600F858FCB
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 70
Origin country: DE

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-04-20 14:54:14 UTC
File Type: Text (Shell)

AV detection: 18 of 38 (47.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
