MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d790cacee47c8ebac127ce4000d502a39edaf0669631fe8e33ea1a2104706291. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d790cacee47c8ebac127ce4000d502a39edaf0669631fe8e33ea1a2104706291
SHA3-384 hash: 1434082f8459fdbb8ab547721bee0ff7014ac2d66cfc160ad34b2d9e37c078dcebd229f41bfd0a507c1b7f3c6c0d2883
SHA1 hash: 3faa7ecec472c4c615ef4221d2b45163b122eac4
MD5 hash: 56072be6205862de0b76df0211dee27e
humanhash: violet-burger-angel-ink
File name:weed
Download: download sample
Signature Mirai
Create hunting rule
File size:3'578 bytes
First seen:2025-03-21 20:21:42 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 48:1pV7W9nNGUoVZ+VpyAN1U8im2mPy92zM1/Fv:1pKnNAZ1ANGP5EC/Fv
TLSH T1B67103F839516F328F07DF03EAA295D6E52784E34590CE851D6D04F8F9BDD88A43068B
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://104.245.241.166/nimips5b339544ba55c78bff25dbd5e737cd854d6c61d5ed3b1866d6d5fe110a8a9d7e Miraiddos elf mirai
http://104.245.241.166/mpsl3e1538122d57ee64768adb518627d2de4ee0e6e810f65ebf3084fd25986d2d00 Miraiddos elf mirai
http://104.245.241.166/armdd4fd6c13aa216db9e15d64217a2caab460c2187a79fbc0d76749abd0406814b Miraiddos elf mirai
http://104.245.241.166/arm514bf913ecc812b61ef026394cfec54aaca187754f0c2f35908d57daa1d3dfe48 Miraiddos elf mirai
http://104.245.241.166/arm63a23ff501ce58ec816fa09f77f8b8e9b79934199688f6f8aaf2d8e32caad1435 Miraiddos elf mirai
http://104.245.241.166/arm7aedfd688b2d0f597204ac5ecbe95974a1f3a262b16e121325b67fc539d9832df Miraiddos elf mirai
http://104.245.241.166/ppc360231c0d3cbcb4ba6b67ffecd3bd728afce759584739cf89274629104629b87 Miraielf mirai ua-wget
http://104.245.241.166/sh4e16f3d076dbdf0d46935b8702cc5ca7e7e10d737993acd2fa3427ad8ed5c276f Gafgytelf gafgyt mirai ua-wget
ftp://4.245.241.166:8021/nimipsn/an/an/a
ftp://4.245.241.166:8021/mpsln/an/an/a
ftp://4.245.241.166:8021/armn/an/an/a
ftp://4.245.241.166:8021/arm5n/an/an/a
ftp://4.245.241.166:8021/arm7n/an/an/a
ftp://4.245.241.166:8021/ppcn/an/an/a
ftp://4.245.241.166:8021/sh4n/an/an/a
ftp://4.245.241.166:8021/arm6n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67de60b9c8a812f780e7f6eblinux22vpnfull_triage
Tags:
botnet trojan agent
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive expand lolbin remote
Link:
https://www.filescan.io/uploads/67ddca73e05c48ec61e5bee5/reports/66dc94f0-c4fc-45af-bbde-c3a578c2e467/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/d790cacee47c8ebac127ce4000d502a39edaf0669631fe8e33ea1a2104706291
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/d790cacee47c8ebac127ce4000d502a39edaf0669631fe8e33ea1a2104706291
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d790cacee47c8ebac127ce4000d502a39edaf0669631fe8e33ea1a2104706291/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2025-03-21 21:41:09 UTC
File Type:
Text (Shell)
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=26imvtxepshlvqjhzzaabvicuopnv4dgsyy75drt5inccbdqmkiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d790cacee47c8ebac127ce4000d502a39edaf0669631fe8e33ea1a2104706291

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d790cacee47c8ebac127ce4000d502a39edaf0669631fe8e33ea1a2104706291

(this sample)

Mirai

elf 5b339544ba55c78bff25dbd5e737cd854d6c61d5ed3b1866d6d5fe110a8a9d7e

  
URLhaus
https://urlhaus.abuse.ch/url/3485597/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3485610/
  
URLhaus
https://urlhaus.abuse.ch/url/3485613/
  
URLhaus
https://urlhaus.abuse.ch/url/3485614/
  
URLhaus
https://urlhaus.abuse.ch/url/3485617/
  
URLhaus
https://urlhaus.abuse.ch/url/3485619/
  
URLhaus
https://urlhaus.abuse.ch/url/3485620/
  
URLhaus
https://urlhaus.abuse.ch/url/3485618/
  
URLhaus
https://urlhaus.abuse.ch/url/3485623/
  
URLhaus
https://urlhaus.abuse.ch/url/3485622/
  
URLhaus
https://urlhaus.abuse.ch/url/3485624/
  
URLhaus
https://urlhaus.abuse.ch/url/3485627/
  
URLhaus
https://urlhaus.abuse.ch/url/3485628/
  
URLhaus
https://urlhaus.abuse.ch/url/3485625/
  
URLhaus
https://urlhaus.abuse.ch/url/3485626/
  
URLhaus
https://urlhaus.abuse.ch/url/3485621/
  
URLhaus
https://urlhaus.abuse.ch/url/3485630/
  
URLhaus
https://urlhaus.abuse.ch/url/3485629/
  
URLhaus
https://urlhaus.abuse.ch/url/3485631/
  
URLhaus
https://urlhaus.abuse.ch/url/3485634/
  
URLhaus
https://urlhaus.abuse.ch/url/3485632/
  
URLhaus
https://urlhaus.abuse.ch/url/3485636/
  
URLhaus
https://urlhaus.abuse.ch/url/3485635/
  
URLhaus
https://urlhaus.abuse.ch/url/3485633/
  
URLhaus
https://urlhaus.abuse.ch/url/3485638/
  
URLhaus
https://urlhaus.abuse.ch/url/3485637/
  
URLhaus
https://urlhaus.abuse.ch/url/3485641/
  
URLhaus
https://urlhaus.abuse.ch/url/3485643/
  
URLhaus
https://urlhaus.abuse.ch/url/3485639/
  
URLhaus
https://urlhaus.abuse.ch/url/3485640/
  
URLhaus
https://urlhaus.abuse.ch/url/3485642/
  
URLhaus
https://urlhaus.abuse.ch/url/3485644/
  
URLhaus
https://urlhaus.abuse.ch/url/3485647/
  
URLhaus
https://urlhaus.abuse.ch/url/3485645/
  
URLhaus
https://urlhaus.abuse.ch/url/3485646/
  
URLhaus
https://urlhaus.abuse.ch/url/3485648/
  
URLhaus
https://urlhaus.abuse.ch/url/3485649/
  
URLhaus
https://urlhaus.abuse.ch/url/3485651/
  
URLhaus
https://urlhaus.abuse.ch/url/3485652/
  
URLhaus
https://urlhaus.abuse.ch/url/3485653/
  
URLhaus
https://urlhaus.abuse.ch/url/3485655/
  
URLhaus
https://urlhaus.abuse.ch/url/3485656/
  
URLhaus
https://urlhaus.abuse.ch/url/3485658/
  
URLhaus
https://urlhaus.abuse.ch/url/3485662/
  
URLhaus
https://urlhaus.abuse.ch/url/3485661/
  
URLhaus
https://urlhaus.abuse.ch/url/3485663/
  
URLhaus
https://urlhaus.abuse.ch/url/3485666/
  
URLhaus
https://urlhaus.abuse.ch/url/3485676/
  
URLhaus
https://urlhaus.abuse.ch/url/3485665/
  
URLhaus
https://urlhaus.abuse.ch/url/3485674/
  
URLhaus
https://urlhaus.abuse.ch/url/3485672/
  
URLhaus
https://urlhaus.abuse.ch/url/3485675/
  
URLhaus
https://urlhaus.abuse.ch/url/3485673/
  
URLhaus
https://urlhaus.abuse.ch/url/3485669/
  
URLhaus
https://urlhaus.abuse.ch/url/3485671/
  
URLhaus
https://urlhaus.abuse.ch/url/3485681/
  
URLhaus
https://urlhaus.abuse.ch/url/3485679/
  
URLhaus
https://urlhaus.abuse.ch/url/3485682/
  
URLhaus
https://urlhaus.abuse.ch/url/3485667/
  
URLhaus
https://urlhaus.abuse.ch/url/3485680/
  
URLhaus
https://urlhaus.abuse.ch/url/3485677/
  
URLhaus
https://urlhaus.abuse.ch/url/3485670/
  
URLhaus
https://urlhaus.abuse.ch/url/3485683/
  
URLhaus
https://urlhaus.abuse.ch/url/3485668/
  
URLhaus
https://urlhaus.abuse.ch/url/3485678/
  
URLhaus
https://urlhaus.abuse.ch/url/3485685/
  
URLhaus
https://urlhaus.abuse.ch/url/3485684/
  
URLhaus
https://urlhaus.abuse.ch/url/3485687/
  
URLhaus
https://urlhaus.abuse.ch/url/3485686/
  
URLhaus
https://urlhaus.abuse.ch/url/3485688/
  
URLhaus
https://urlhaus.abuse.ch/url/3485690/
  
URLhaus
https://urlhaus.abuse.ch/url/3485692/
  
Dropping
MD5 833feb0df15c75d09fd2f10ffbd7b5e0
  
Dropping
SHA256 5b339544ba55c78bff25dbd5e737cd854d6c61d5ed3b1866d6d5fe110a8a9d7e

Comments