MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ceaa03b6f4af772673cec68345b571bf9ac6187cd73d27d65df8b6529cd27bac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: ceaa03b6f4af772673cec68345b571bf9ac6187cd73d27d65df8b6529cd27bac
SHA3-384 hash: c2c8a4d6344c77f43d97903861b6cd52b32d1a226bb4c66139954b12a28c3b986963e68838191dabb40e8da2d81dd750
SHA1 hash: de811743e7189d7e10cc80768c02a143eb3b74ad
MD5 hash: 44f2d87ce683e8ca24848d5c720ae40e
humanhash: tennessee-single-cat-table
File name: c.sh
Signature: Mirai
File size: 577 bytes
First seen: 2025-12-06 17:51:10 UTC
Last seen: 2025-12-06 17:55:09 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:xnmxqxnURHxn1NIjlTBAxnmiKl2ExnQdKAxnB9qxnp0qxnHh7IAUv:hmxWUH1NIpKbKlF3sBY5Hmv
TLSH: T147F08C8C0222682713688E0AB42DD10AD446F2C07BB12B4AEE2661AD6C9420B701DFD7
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 27
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2025-12-06T15:58:00Z UTC
Last seen: 2025-12-07T02:05:00Z UTC
Hits: ~10

Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-06 17:52:21 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
