MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdc18a07a9ce8e20ab1281fa945b6cb9ae1177c7abe1eb408c16298b72dfd32d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cdc18a07a9ce8e20ab1281fa945b6cb9ae1177c7abe1eb408c16298b72dfd32d
SHA3-384 hash: 5ec685129bf599571f8b9c923b9cca7f36a0038f02bba3111d73d47b9e24f920feb07cbab3420136ff4c5e50b747de32
SHA1 hash: 6038576e2ce856bb94d86cf2a7046455ca9a6e24
MD5 hash: bf3cdbf57d76a29fc42bfe10d6067a64
humanhash: fix-table-video-johnny
File name:massload
Download: download sample
Signature Mirai
Create hunting rule
File size:1'623 bytes
First seen:2025-05-10 00:07:56 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:GIb1wacMiLcMcqcMCGcM6zcM6KXOcMVCcM5ytOcMiGcMcxcMCFcM6OcM6KX2DMmw:jD0kq7izSj8vTkxWiOSOMvxfyzJ
TLSH T19B31F8943CE19F779602DF82F3324225B603C98B80D00E5DA5AA107DDCBC918397AE0F
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.149.29.68/mipsf84d591eb643e47542bf9665307d909fcb252b170f31280b6c18f6dac877fdc9 Miraicensys elf mirai ua-wget
http://103.149.29.68/mpsl147125b7314161e8eeaacc8887ec43c85f38936bd96c534276ac90c97594fd56 Miraicensys elf mirai ua-wget
http://103.149.29.68/arm4db24eade25ad55c9f76db969f88ae866d330d2d2d30d85533ec9831bfaa0b55c Miraicensys elf mirai ua-wget
http://103.149.29.68/arm57acfedd2b92a0d344c1ae07d037be2dadcf1f27f64fbd72c18ceb03d53c2d6b9 Miraicensys elf mirai ua-wget
http://103.149.29.68/arm744ae290eefb70f644382bd2f1ff6232150ba5872b8a4d7feef1fe45e2371de94 Miraicensys elf mirai ua-wget
http://103.149.29.68/ppcac75e324b6f26b2629d51d72732c97275cbb0b7d1082adaa3172ce279ef86a42 Miraicensys elf mirai ua-wget
http://103.149.29.68/sh4aa83d64c92decfb4ef8ad8aa9f8d7a6f30c9b6128ddaea3d7d20acf451acc3f7 Miraicensys elf mirai ua-wget
ftp://3.149.29.68:8021/mipsn/an/an/a
ftp://3.149.29.68:8021/mpsln/an/an/a
ftp://3.149.29.68:8021/arm4n/an/an/a
ftp://3.149.29.68:8021/arm5n/an/an/a
ftp://3.149.29.68:8021/arm7n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=681ef15ce16384d6a70365c5linux22vpnfull_triage
Tags:
trojan agent virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/681e98e78d43c3a878fa13f6/reports/843ee40f-bad0-43d6-9eb7-331f2809a21f/overview
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Link:
https://www.hybrid-analysis.com/sample/cdc18a07a9ce8e20ab1281fa945b6cb9ae1177c7abe1eb408c16298b72dfd32d
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/cdc18a07a9ce8e20ab1281fa945b6cb9ae1177c7abe1eb408c16298b72dfd32d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cdc18a07a9ce8e20ab1281fa945b6cb9ae1177c7abe1eb408c16298b72dfd32d/
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-05-10 06:21:09 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zxayub5jz2hcbkysqh5jiw3mxgxbc56hvpq6wqemcyuyw4w72mwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cdc18a07a9ce8e20ab1281fa945b6cb9ae1177c7abe1eb408c16298b72dfd32d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh cdc18a07a9ce8e20ab1281fa945b6cb9ae1177c7abe1eb408c16298b72dfd32d

(this sample)

Mirai

elf 019dddb50e30d8cb3c6bb2bad01bc344152df54207c70c5d6c05b9f8ad4c8d49

  
URLhaus
https://urlhaus.abuse.ch/url/3537890/
  
Delivery method
Distributed via web download
  
Dropping
MD5 83df9df5c64f1de8b9074f5efdbcc97e
  
Dropping
SHA256 019dddb50e30d8cb3c6bb2bad01bc344152df54207c70c5d6c05b9f8ad4c8d49

Comments