MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce689f631a06e06c6a1db23cd0207c4c8822b718fb21222b3fcd7d21155a8b52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: ce689f631a06e06c6a1db23cd0207c4c8822b718fb21222b3fcd7d21155a8b52
SHA3-384 hash: 4849693506570b32f49e67310489c27c7d1acd3614af4b7025150a510d2d27b4742194c8e98e944cf454e279b09e5147
SHA1 hash: 0c60a846f8d6a1ccd8896a2a0b665da7d99bd14f
MD5 hash: 55d999d6cd4342cdec48514b7cdb5531
humanhash: skylark-echo-summer-east
File name: dvr.sh
Signature: Mirai
File size: 2'251 bytes
First seen: 2025-05-07 14:42:34 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 48:JK3QK33RK3czK3xBKZUKLKfiK5K1K+KsKnK3fK33eK3cYK3xOKZTKgKfxK2KSKtB:/0oO
TLSH T1594142CD23A1A6930F5D9E19B0F68C886404C5D1AC61DF19AC5CACF6A8D4E01726DBFF
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.2%
Tags: backdoor trojan hype
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-05-07 14:32:05 UTC
File Type: Text (Shell)
AV detection: 19 of 36 (52.78%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ce689f631a06e06c6a1db23cd0207c4c8822b718fb21222b3fcd7d21155a8b52

(this sample)

  
Delivery method
Distributed via web download
