MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d787ba6994b2bb0e7e46a6b26fac5888ad9f4fecd40b0ec7c80710c03e6f8d47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: d787ba6994b2bb0e7e46a6b26fac5888ad9f4fecd40b0ec7c80710c03e6f8d47
SHA3-384 hash: 5ef1e686bbbfe2c8d0d90431ad52601228a7a2b0f1fd5c4b1228a27bd81a38953dc7fba13e5b85c54dbd5065eb8eee35
SHA1 hash: 9313fb5f686795d57a399e180830938b5ea5d0d1
MD5 hash: 3f28a1b901ee2cf5ea6ea6169a286da7
humanhash: bacon-enemy-may-mars
File name: telnet.sh
Signature: Mirai
File size: 1'779 bytes
First seen: 2025-09-22 05:52:06 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:bOx8/8wq3de5WNG9T8d4F+JruymavV+hO1ab:s9o
TLSH: T1B63189CDD3A19ED2E646CF60B872C3C4A3ADD5CA2791CB71A4CA3C21984DA80BC75716
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-21T20:18:00Z UTC
Last seen: 2025-09-21T20:18:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Document-HTML.Trojan.Vigorf
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-22 01:13:09 UTC
File Type: Text (Shell)
AV detection: 15 of 38 (39.47%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux persistence
Behaviour:
System Network Configuration Discovery
Writes file to tmp directory
Reads runtime system information
Changes its process name
Checks CPU configuration
Enumerates running processes
Modifies init.d
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
