MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bea8443d5eb1dc389e6372352c353b9e75b0510388db0ba200f6e95faf5824dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: bea8443d5eb1dc389e6372352c353b9e75b0510388db0ba200f6e95faf5824dd
SHA3-384 hash: a7778823ce418a9a028de2217a6365029332beb6d265af6631cfd42c4319e990269b97268bfd7db7e2593298038b5a07
SHA1 hash: d4cd986c4cabee5e1fecaa375f3d6a4828c82c91
MD5 hash: c90ba9602b0fd0594290d963ad92adf0
humanhash: indigo-apart-july-foxtrot
File name: bee
Signature: Mirai
File size: 490 bytes
First seen: 2025-01-26 13:37:26 UTC
Last seen: 2025-01-27 11:30:31 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:2OJLHMH7LRHRNIl5rHCf0LKkHnvCH1aCH/p:2OJLHMH7LRHRNI7rHhKkHnvCH1aCH/p
TLSH: T148F030AD766652CB8D48CE44B0734888A05DDBC9B074DF6EA8492C754CBF7403234F4D
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: chacha agent hype sage
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: expand lolbin remote
Result
Verdict: UNKNOWN
Threat name: Linux.Downloader.Mirai
Status: Malicious
First seen: 2025-01-26 13:28:01 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh bea8443d5eb1dc389e6372352c353b9e75b0510388db0ba200f6e95faf5824dd

(this sample)

  
Delivery method: Distributed via web download
