MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb21da33843d66dc24e2568cc5cbb7b2886f3b66ecbc374413a2ae8656274ec4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: bb21da33843d66dc24e2568cc5cbb7b2886f3b66ecbc374413a2ae8656274ec4
SHA3-384 hash: 01e27ce8c4e2672a6c1f51923750d339262daa3b3b031f8e0ef63bd948d0d4b87ce4e47639daf81d959bc498bad4349b
SHA1 hash: 3119b67e969d9f57555a924a42e46fc76dff1c4e
MD5 hash: 2b230aa4490c59ae07768528d8192d64
humanhash: kentucky-blossom-network-illinois
File name: c
Signature: Mirai
File size: 801 bytes
First seen: 2025-11-28 18:34:16 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:wUOM5pQoGiMvXxGxlR7HzDS6WVGv3qon7cSJno/pXhvDcW/yu:NZ6Gx37HvS6WVSISexx7cbu
TLSH: T1D10124FD04666C4878CEA67A327B17557488A607B87B4F4CACC828ED9884E437075A85
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 24
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Labeled as: Trojan[Downloader]/Shell.Agent

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-28T15:47:00Z UTC
Last seen: 2025-11-29T03:28:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-11-28 18:19:51 UTC
File Type: Text (Shell)
AV detection: 9 of 36 (25.00%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download