MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2
SHA3-384 hash: 5839eee6a0abf31f7cc8d25016e26c7fb2506cab0314ccfbec7b03f61e2665b1803fc4e0fef039a1abe71996b77528fd
SHA1 hash: 3e7bdbc9576dda96e5b5f96e94a1b3f2d1dc1513
MD5 hash: fc883b159262268f7cac2f13c693b668
humanhash: indigo-crazy-golf-jupiter
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'189 bytes
First seen:2025-11-18 19:05:40 UTC
Last seen:2025-11-19 10:32:03 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 12:q0FtIeMAnX0Ft9CnX0Ft7NnX0FtJNtAnX0FtU+qnX0Ft9NIh5zAnX0FtOKLKjnXO:vyTH3R6dt9++PfNIfJvKAycU4DIBK
TLSH T1ED2112DA32A706782E656D23706E450075F5A7C764E0EF1928DC78F6508EE14B042F93
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://213.209.143.62/x86b374fa15482ea33ed27b9258c7a5a5cd965aa58858788f4ed4f59d348b061e7f Miraielf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/mips889f63769ef9a2da3dd0b8e2f15d1f4c6d3274ad35dcfa09f8b7b91556737238 Miraielf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/mpsl4b5a176588e6e0bec03fe7a6e05e7281e945fe3bd845b9f868d2b57d1ce742f2 Miraielf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/x86_645f64a7c287bdb2cd4b941717ec8382cb53b62de644f2fde94849d927e45382f3 Miraielf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/arm5b6a1d2cacd09d1af879954b11e1bf3ab9a55786adfee94e7063625fc96dd2763 Miraiarm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/arm6bbc63002a1a46759795e24ce97eba0f073f936d0b9a3019690eeefbf63fd4985 Miraiarm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/arm7d9f9655faf21e0e21025530bd88f6a61718e5358105efd9593f233348a91f77a Miraiarm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/ppcf9bfaca7e8e151df876f7811bf30a1d30ad94cf61781850177c08679e192b883 Miraielf mirai
http://213.209.143.62/m68k5dad5ac542b347a69212fa758137b9e9bec5d655e078c0ed8c7e8c39c34a9a27 Miraielf geofenced m68k mirai opendir ua-wget USA
http://213.209.143.62/sh40dd5d2422dc9902ea167d667b8536ebf13f332fd73283ad15d34448d5c786911 Miraielf geofenced mirai opendir SuperH ua-wget USA

Intelligence

File Origin
# of uploads :
2
# of downloads :
44
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
medusa mirai
Link:
https://www.filescan.io/uploads/691cc3afe68d9822a37c24e9/reports/650397f0-797b-4d65-844d-21041d681c88/overview
Result
Gathering data
Verdict:
Malicious
File Type:
Script
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/1add186f-417b-413a-a3bc-59586edc721c
Behavior Graph:
Download SVG
%3 guuid=eb730e0f-1900-0000-29f0-0fe55f130000 pid=4959 /usr/bin/sudo guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967 /tmp/sample.bin guuid=eb730e0f-1900-0000-29f0-0fe55f130000 pid=4959->guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967 execve guuid=ad950211-1900-0000-29f0-0fe569130000 pid=4969 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=ad950211-1900-0000-29f0-0fe569130000 pid=4969 execve guuid=03d0dc16-1900-0000-29f0-0fe580130000 pid=4992 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=03d0dc16-1900-0000-29f0-0fe580130000 pid=4992 execve guuid=f5022617-1900-0000-29f0-0fe581130000 pid=4993 /tmp/x86 net guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=f5022617-1900-0000-29f0-0fe581130000 pid=4993 execve guuid=24235c17-1900-0000-29f0-0fe584130000 pid=4996 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=24235c17-1900-0000-29f0-0fe584130000 pid=4996 execve guuid=49680e1d-1900-0000-29f0-0fe595130000 pid=5013 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=49680e1d-1900-0000-29f0-0fe595130000 pid=5013 execve guuid=f335491d-1900-0000-29f0-0fe598130000 pid=5016 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=f335491d-1900-0000-29f0-0fe598130000 pid=5016 clone guuid=cd62d91d-1900-0000-29f0-0fe59e130000 pid=5022 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=cd62d91d-1900-0000-29f0-0fe59e130000 pid=5022 execve guuid=9d677523-1900-0000-29f0-0fe5b1130000 pid=5041 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=9d677523-1900-0000-29f0-0fe5b1130000 pid=5041 execve guuid=99aead23-1900-0000-29f0-0fe5b4130000 pid=5044 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=99aead23-1900-0000-29f0-0fe5b4130000 pid=5044 clone guuid=eb4ef124-1900-0000-29f0-0fe5be130000 pid=5054 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=eb4ef124-1900-0000-29f0-0fe5be130000 pid=5054 execve guuid=3c833629-1900-0000-29f0-0fe5d1130000 pid=5073 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=3c833629-1900-0000-29f0-0fe5d1130000 pid=5073 execve guuid=3a497629-1900-0000-29f0-0fe5d3130000 pid=5075 /tmp/x86_64 net guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=3a497629-1900-0000-29f0-0fe5d3130000 pid=5075 execve guuid=c9427a54-1a00-0000-29f0-0fe577140000 pid=5239 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=c9427a54-1a00-0000-29f0-0fe577140000 pid=5239 execve guuid=68c5695b-1a00-0000-29f0-0fe578140000 pid=5240 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=68c5695b-1a00-0000-29f0-0fe578140000 pid=5240 execve guuid=65b4d05b-1a00-0000-29f0-0fe579140000 pid=5241 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=65b4d05b-1a00-0000-29f0-0fe579140000 pid=5241 clone guuid=1c42e25c-1a00-0000-29f0-0fe57b140000 pid=5243 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=1c42e25c-1a00-0000-29f0-0fe57b140000 pid=5243 execve guuid=d0424262-1a00-0000-29f0-0fe57c140000 pid=5244 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=d0424262-1a00-0000-29f0-0fe57c140000 pid=5244 execve guuid=30edac62-1a00-0000-29f0-0fe57d140000 pid=5245 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=30edac62-1a00-0000-29f0-0fe57d140000 pid=5245 clone guuid=5fa9af63-1a00-0000-29f0-0fe57f140000 pid=5247 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=5fa9af63-1a00-0000-29f0-0fe57f140000 pid=5247 execve guuid=d9d9536a-1a00-0000-29f0-0fe580140000 pid=5248 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=d9d9536a-1a00-0000-29f0-0fe580140000 pid=5248 execve guuid=fdfab86a-1a00-0000-29f0-0fe581140000 pid=5249 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=fdfab86a-1a00-0000-29f0-0fe581140000 pid=5249 clone guuid=bcb08d6c-1a00-0000-29f0-0fe583140000 pid=5251 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=bcb08d6c-1a00-0000-29f0-0fe583140000 pid=5251 execve guuid=7e47fd72-1a00-0000-29f0-0fe584140000 pid=5252 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=7e47fd72-1a00-0000-29f0-0fe584140000 pid=5252 execve guuid=5320a873-1a00-0000-29f0-0fe585140000 pid=5253 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=5320a873-1a00-0000-29f0-0fe585140000 pid=5253 clone guuid=32e6ac74-1a00-0000-29f0-0fe587140000 pid=5255 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=32e6ac74-1a00-0000-29f0-0fe587140000 pid=5255 execve guuid=b2517879-1a00-0000-29f0-0fe588140000 pid=5256 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=b2517879-1a00-0000-29f0-0fe588140000 pid=5256 execve guuid=2d8f4e7c-1a00-0000-29f0-0fe589140000 pid=5257 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=2d8f4e7c-1a00-0000-29f0-0fe589140000 pid=5257 clone guuid=19cc9086-1a00-0000-29f0-0fe58b140000 pid=5259 /usr/bin/wget net send-data write-file guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=19cc9086-1a00-0000-29f0-0fe58b140000 pid=5259 execve guuid=a4d4928c-1a00-0000-29f0-0fe58c140000 pid=5260 /usr/bin/chmod guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=a4d4928c-1a00-0000-29f0-0fe58c140000 pid=5260 execve guuid=1bd43d8d-1a00-0000-29f0-0fe58d140000 pid=5261 /usr/bin/bash guuid=499eae10-1900-0000-29f0-0fe567130000 pid=4967->guuid=1bd43d8d-1a00-0000-29f0-0fe58d140000 pid=5261 clone eaaaaddb-f5f1-5090-9f4d-096f63c93adc 213.209.143.62:80 guuid=ad950211-1900-0000-29f0-0fe569130000 pid=4969->eaaaaddb-f5f1-5090-9f4d-096f63c93adc send: 132B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=f5022617-1900-0000-29f0-0fe581130000 pid=4993->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=8e365417-1900-0000-29f0-0fe583130000 pid=4995 /tmp/x86 dns net send-data zombie guuid=f5022617-1900-0000-29f0-0fe581130000 pid=4993->guuid=8e365417-1900-0000-29f0-0fe583130000 pid=4995 clone guuid=8e365417-1900-0000-29f0-0fe583130000 pid=4995->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 34B e2b85705-f4de-5d08-97e2-43e6315e6586 viba.duckdns.org:56999 guuid=8e365417-1900-0000-29f0-0fe583130000 pid=4995->e2b85705-f4de-5d08-97e2-43e6315e6586 con guuid=db076017-1900-0000-29f0-0fe585130000 pid=4997 /tmp/x86 guuid=8e365417-1900-0000-29f0-0fe583130000 pid=4995->guuid=db076017-1900-0000-29f0-0fe585130000 pid=4997 clone guuid=24235c17-1900-0000-29f0-0fe584130000 pid=4996->eaaaaddb-f5f1-5090-9f4d-096f63c93adc send: 133B guuid=cd62d91d-1900-0000-29f0-0fe59e130000 pid=5022->eaaaaddb-f5f1-5090-9f4d-096f63c93adc send: 133B guuid=eb4ef124-1900-0000-29f0-0fe5be130000 pid=5054->eaaaaddb-f5f1-5090-9f4d-096f63c93adc send: 135B guuid=3a497629-1900-0000-29f0-0fe5d3130000 pid=5075->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con 0fac5c0b-8763-5166-9296-402d073ea2e0 0.0.0.0:48123 guuid=3a497629-1900-0000-29f0-0fe5d3130000 pid=5075->0fac5c0b-8763-5166-9296-402d073ea2e0 con guuid=01726454-1a00-0000-29f0-0fe575140000 pid=5237 /tmp/x86_64 dns net send-data zombie guuid=3a497629-1900-0000-29f0-0fe5d3130000 pid=5075->guuid=01726454-1a00-0000-29f0-0fe575140000 pid=5237 clone guuid=01726454-1a00-0000-29f0-0fe575140000 pid=5237->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 34B guuid=01726454-1a00-0000-29f0-0fe575140000 pid=5237->e2b85705-f4de-5d08-97e2-43e6315e6586 send: 10B guuid=20567354-1a00-0000-29f0-0fe576140000 pid=5238 /tmp/x86_64 guuid=01726454-1a00-0000-29f0-0fe575140000 pid=5237->guuid=20567354-1a00-0000-29f0-0fe576140000 pid=5238 clone 761d5e24-199c-5850-8133-16da238615c6 viba.duckdns.org:80 guuid=c9427a54-1a00-0000-29f0-0fe577140000 pid=5239->761d5e24-199c-5850-8133-16da238615c6 send: 133B guuid=1c42e25c-1a00-0000-29f0-0fe57b140000 pid=5243->761d5e24-199c-5850-8133-16da238615c6 send: 133B guuid=5fa9af63-1a00-0000-29f0-0fe57f140000 pid=5247->761d5e24-199c-5850-8133-16da238615c6 send: 133B guuid=bcb08d6c-1a00-0000-29f0-0fe583140000 pid=5251->761d5e24-199c-5850-8133-16da238615c6 send: 132B guuid=32e6ac74-1a00-0000-29f0-0fe587140000 pid=5255->761d5e24-199c-5850-8133-16da238615c6 send: 133B guuid=19cc9086-1a00-0000-29f0-0fe58b140000 pid=5259->761d5e24-199c-5850-8133-16da238615c6 send: 132B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wz2incdcgmv5evjsa7syd4x7eqtaqbhakygnkehvgbz4tpv62pba._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet defense_evasion discovery linux
Link:
https://tria.ge/reports/251118-xrvnwaymby/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads system network configuration
Enumerates active TCP sockets
File and Directory Permissions Modification
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
viba.duckdns.org
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b674868862332bd2553207e581f2ff24260804e0560cd510f53073c9bebed3c2

(this sample)

Mirai

elf b374fa15482ea33ed27b9258c7a5a5cd965aa58858788f4ed4f59d348b061e7f

  
URLhaus
https://urlhaus.abuse.ch/url/3667552/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3667551/
  
URLhaus
https://urlhaus.abuse.ch/url/3667550/
  
Dropping
MD5 6a6dd9971984cefc5f4a6b23d6140c11
  
Dropping
SHA256 b374fa15482ea33ed27b9258c7a5a5cd965aa58858788f4ed4f59d348b061e7f

Comments