MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3316ac59e69d8c77f4fd96521f9d76242ca8cdffc219891fddcb721319aad78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: d3316ac59e69d8c77f4fd96521f9d76242ca8cdffc219891fddcb721319aad78
SHA3-384 hash: 12e5d685331c0756c1e1517d8bf8cb1779ef4a92f11eb45b1a5b100d9c5877306cade1d79af05379efe235d059d8c7d4
SHA1 hash: 4281a873baaa2f2053fcf37912a893949546d99e
MD5 hash: 8b5ae0e65730efbec5305c4e58a01be6
humanhash: orange-triple-avocado-sixteen
File name: linnn
Signature: Mirai
File size: 1'549 bytes
First seen: 2025-09-03 04:14:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:sF+l/2rvvT/2elc/2+sAd/25ctl/2n7t/225s/2CsX/2Di7/2QR/2z2O/2o:eiK7QDNNKJtQ+SGTUZd
TLSH: T1A231D4C950A086B63CD49D8B756BCC0E3027F58E18C95F8ADEDC34FA588CE81B055703
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2024-04-14T16:45:00Z UTC
Last seen: 2024-04-14T16:45:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2742) -> execve -> /tmp/sample.bin (pid 2744); /tmp/sample.bin (pid 2744) -> execve -> /usr/bin/rm (pid 2745); /tmp/sample.bin (pid 2744) -> execve -> /usr/bin/busybox (pid 2747)
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2024-07-04 04:23:08 UTC
File Type: Text (Shell)
AV detection: 21 of 37 (56.76%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
