MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfc7d8c99a7a87cc4def1d429f99479a3a6e4e8e00d87441713b5d0c67947dc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: bfc7d8c99a7a87cc4def1d429f99479a3a6e4e8e00d87441713b5d0c67947dc9
SHA3-384 hash: 9c55ac2480085c600f5f1a81e7027a67bf4b4a0faf1b07c18529cff3c4acdb592b30771a8e2c34d1637fd4237d836b5b
SHA1 hash: 0bdbb145a5e326497c1bfdc77bc95c3885870384
MD5 hash: 83f6ba22c9fd5d5e9d63f601c9f5e0f7
humanhash: seven-chicken-lima-helium
File name: huawei
Signature: Mirai
File size: 2'399 bytes
First seen: 2025-05-06 17:57:47 UTC
Last seen: 2025-05-07 07:34:57 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vfkekUmCfkDk8OCfktakt/CfkSkXCfktkK4Cfk7ak7lCfkXkJCfkzk7NCfkEkJCM:vHWHM9KzkPazYpZIIa
TLSH: T10041B2CD135382307E55DE277DE6D81872A5A4A9ECC28F9499F938FC404EF089940EE3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 95
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: ransomware mirai overt virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin mirai remote

Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-05-06 17:57:08 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:wicked antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Creates a large amount of network flows
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (7622) amount of remote hosts
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
