MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccb8d863aee96b7b1dfe4c4fc08cc459a11a0efea5a7477562e4564f992282f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ccb8d863aee96b7b1dfe4c4fc08cc459a11a0efea5a7477562e4564f992282f6
SHA3-384 hash: 793d1e8d612d23cbcd8cafcd1fe57784675bc2ec66f1ae6c803a63b6e79967f4ab6edfe75a9fbad69a967678f65fdefc
SHA1 hash: 98307cb29ada461d6302e33b0550821b6e42664a
MD5 hash: 48fc3a29c2431a17b73cd0e680c34179
humanhash: neptune-delaware-lithium-friend
File name:yrn.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'028 bytes
First seen:2025-12-06 07:32:46 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:20vWvZkj0ORo0KN80KN80yHycNbXbPb+bSbd+:2OsujUogJbXbPb+bSbd+
TLSH T1E811B7D516B1A372DC58DF0CFEB0491CD01E27A6E4DF3DE446CA6A992C1D90836A8736
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://179.43.172.109/bins/x86c04f3c0c359057740a11e3893df15102fd05a8699b8781311e0e8ebb153c25e6 Miraielf geofenced mirai ua-wget USA

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/6933dc38bba50eaf04241b71/reports/541a5013-e0d3-493a-8b9e-d72844c7866c/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-06T05:10:00Z UTC
Last seen:
2025-12-06T07:05:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/ccb8d863aee96b7b1dfe4c4fc08cc459a11a0efea5a7477562e4564f992282f6/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ccb8d863aee96b7b1dfe4c4fc08cc459a11a0efea5a7477562e4564f992282f6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ccb8d863aee96b7b1dfe4c4fc08cc459a11a0efea5a7477562e4564f992282f6/
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-12-06 07:15:06 UTC
File Type:
Text (Shell)
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zs4nqy5o5fvxwhp6jrh4bdgelgqrudx6uwtuo5lc4rle7gjcql3a._file
Result
Malware family:
n/a
Score:
  4/10
Tags:
antivm discovery linux
Link:
https://tria.ge/reports/251206-jdlbdscz5c/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ccb8d863aee9/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/ccb8d863aee96b7b1dfe4c4fc08cc459a11a0efea5a7477562e4564f992282f6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ccb8d863aee96b7b1dfe4c4fc08cc459a11a0efea5a7477562e4564f992282f6

(this sample)

Mirai

elf 7a60331e4c14e1c780acf4377a2b5230359f5cf9219302597d0510db4464fdbd

  
URLhaus
https://urlhaus.abuse.ch/url/3726992/
  
Delivery method
Distributed via web download
  
Dropping
MD5 fb941b7d5b79e32604fa1a7088b6373e
  
Dropping
SHA256 7a60331e4c14e1c780acf4377a2b5230359f5cf9219302597d0510db4464fdbd

Comments