MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d22396d9fc201cb21faf4a55aeee65ec4fd6712c3a09d8ea5dc5afcc40ce6930. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d22396d9fc201cb21faf4a55aeee65ec4fd6712c3a09d8ea5dc5afcc40ce6930
SHA3-384 hash: e250a914107446f0f2b0909e2453ca05bcdf37a9430a064dde35847f0571c6f12923c848cf5457e4cf862c1927e978cd
SHA1 hash: 749c295fb5afe90f251a498f9042ec3ebaff48e6
MD5 hash: 2837eea3a70705aaa5c49a772dc81337
humanhash: social-iowa-sierra-connecticut
File name:uc.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:628 bytes
First seen:2025-01-22 08:11:22 UTC
Last seen:2025-01-23 00:40:24 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 12:KYLwkLlyNIl5X/0LKVwpytlW72ytsyfa/c:KmwqlyNI7XKKqYtlw2ytsyfa/c
TLSH T1D8F0BBCF6B1123E68C05EE91B5734C945406BBDC21E9C75DF8C55D29A894F80F468F4E
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://79.124.60.186/arm10f8ae13d953fae3b774e0add0441b439570554df2e680c245bee79cd0802e24 Miraielf mirai ua-wget
http://79.124.60.186/arm505b13bf8f70ed79e141feac59e6cf8fd244f912fb49de419bf191c4f302ac90a Miraielf mirai ua-wget
http://79.124.60.186/arm66440cdf936007223e72684767f5a8a808a9eac29bd91c62aaf33ce1d0d31fcd3 Miraielf mirai ua-wget
http://79.124.60.186/arm706c5a9b132c5381322d69c916a5956a63c5262ea46588d9caf694671521678d2 Miraielf mirai ua-wget
http://79.124.60.186/sh4001971a3336301324e84c355e3d6dfa6e64c39a7b803b9426c1336c78d67d482 Miraielf mirai ua-wget
http://79.124.60.186/arc6312fe1b0359bde5876d0d25cff90e7f940caf9e2e620eb3b85a2b2a9ae2a291 Miraielf mirai ua-wget
http://79.124.60.186/mipsdd468133d6cf72249cb0692655fe89a7efee041ac79e3dd932623f43026a00ac Miraielf mirai ua-wget
http://79.124.60.186/mpsln/an/an/a
http://79.124.60.186/spcn/an/an/a
http://79.124.60.186/x86n/an/an/a

Intelligence

File Origin
# of uploads :
2
# of downloads :
59
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6790ac37e708b6e7a3af5d60linux22vpnfull_triage
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6790a85d6bf8c8cec5f1d60f/reports/f949f853-2f6b-403b-8495-4f3582eb77c7/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/d22396d9fc201cb21faf4a55aeee65ec4fd6712c3a09d8ea5dc5afcc40ce6930
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d22396d9fc201cb21faf4a55aeee65ec4fd6712c3a09d8ea5dc5afcc40ce6930/
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-01-22 08:12:04 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2irznwp4eaoleh5pjjk253tf5rh5m4jmhie5r2s5ywx4yqgoneya._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/250122-j3tztswqhx/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d22396d9fc201cb21faf4a55aeee65ec4fd6712c3a09d8ea5dc5afcc40ce6930

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d22396d9fc201cb21faf4a55aeee65ec4fd6712c3a09d8ea5dc5afcc40ce6930

(this sample)

Mirai

elf 10f8ae13d953fae3b774e0add0441b439570554df2e680c245bee79cd0802e24

  
URLhaus
https://urlhaus.abuse.ch/url/3409798/
  
Delivery method
Distributed via web download
  
Dropping
MD5 1a1de6528715ff281884ec898ca99c2d
  
Dropping
SHA256 10f8ae13d953fae3b774e0add0441b439570554df2e680c245bee79cd0802e24

Comments