MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5d5b1a7c968c0add6558bf3e41b9cdddafff1cb83b1bdd38fc53bce507a340d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: d5d5b1a7c968c0add6558bf3e41b9cdddafff1cb83b1bdd38fc53bce507a340d
SHA3-384 hash: 548b74c3223baa77c2698816fb7b987121dc247a431abdb441d9aa08083ed006a776ccbcad491bdcf662d374a11daf56
SHA1 hash: 314b5a2e9fddc9027cd94b051b23fef98292a996
MD5 hash: 1186b4365502de4ad7cd4959d26e7756
humanhash: ten-finch-fifteen-paris
File name: w.sh
Signature: Mirai
File size: 924 bytes
First seen: 2025-01-10 18:46:17 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:HtJTACxfoQ2WRpamgQebjsx91eUa74M1UtvjhB1AX/5sJ:HXxJoQD7amgQcueUa7z3+J
TLSH: T1BD11DDCE47F0BA508488DD0660630995DB25CBC161E16FDABEE90C7389C8FD4B86AF57
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug bash lolbin remote

Result
Verdict: UNKNOWN
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-01-10 18:47:10 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
