MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb9ef03f8409283290adfba137b63e36b1528cd31fc8c0cae7d7f4249b9ed3d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: bb9ef03f8409283290adfba137b63e36b1528cd31fc8c0cae7d7f4249b9ed3d2
SHA3-384 hash: 622b616df6d4e7d3647ad2a8e65b3c3d6c1b5bbe40a6ce22bc0b8a00f0cb9cb0256047f2f4db776c21995177fd03e298
SHA1 hash: f5c30dfba52f6e12badf20974306a633a6784b67
MD5 hash: 5c7a93d10ffbcc1b90e4ab6447299c8b
humanhash: louisiana-video-idaho-two
File name: wget.sh
Signature: Mirai
File size: 1'029 bytes
First seen: 2025-07-21 06:39:29 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:RTx+2bcArE+23NI+3BEA+2cTKRiH+2PNZIq+2iQi+29TNPcw+2xg+2fB0KA+2Hzf:Rn03NI6fKKEPN+2iPZxmt0NF3d/xn
TLSH: T175111CFF5392610701B8CEC534AA06049655979BF47C4B3BB5C8ADBB64D8A04B06CF8F
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 22
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2738) -> execve -> /tmp/sample.bin (pid 2743) -> execve -> /usr/bin/wget (pid 2744)
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-07-21 06:40:35 UTC
File Type: Text (Shell)
AV detection: 14 of 36 (38.89%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh bb9ef03f8409283290adfba137b63e36b1528cd31fc8c0cae7d7f4249b9ed3d2

(this sample)

Delivery method: Distributed via web download
