MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d222f9d9b6ed5992297f79bc6df9b487938f5d3db107fe9fe813b3525ded7c89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5


SHA256 hash: d222f9d9b6ed5992297f79bc6df9b487938f5d3db107fe9fe813b3525ded7c89
SHA3-384 hash: f4a255c668f9516f3cbfae4b16fd9af26029af0b596c1057741a901b53a04c9cc1d47549b3549d6ac933249327993e25
SHA1 hash: 36fe879dea70e3217671b8a08bf47ae6dfb19a91
MD5 hash: 008a8a5ee25bf0ce08d857ac1df3885c
humanhash: equal-don-papa-hotel
File name: c.sh
Signature: Mirai
File size: 1'368 bytes
First seen: 2024-12-26 09:11:50 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:Auvc2A+W3cWAPw4Mxceb9AAunyNI9cAlAKXcJ/yc+KuAyINUacW3vARlecEcqAa6:AI5euyNIg0KcIWG364IsTph4CGz
TLSH: T17221D285132ADC0B53FFCF8AB522818CF050C4A768AFD79CD00D8D78E565204B4B6D69
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: DE

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug lolbin remote

Result
Verdict: MALICIOUS
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2024-12-26 09:12:12 UTC
File Type: Text (Makefile)
AV detection: 10 of 23 (43.48%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai sh d222f9d9b6ed5992297f79bc6df9b487938f5d3db107fe9fe813b3525ded7c89 (this sample)

Delivery method: Distributed via web download

Comments