MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d89fccc0a06a5197e15c3f6c683410ad8ee32f585524c2b05810b968dc17eb4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: d89fccc0a06a5197e15c3f6c683410ad8ee32f585524c2b05810b968dc17eb4f
SHA3-384 hash: 0a8b13d3fc1351ab4707d1f3e5f58ec5db5daea14b4dc6a61bb1bfd873297533e89b8bd62cba60143dbde319666a6757
SHA1 hash: 781f4946de3b18678bcc37da13fd538e844ffbb6
MD5 hash: c9f2a8eb87382e13d5a25d07a63c90e7
humanhash: five-avocado-bluebird-winner
File name: hik.sh
Signature: Mirai
File size: 1'041 bytes
First seen: 2025-09-30 05:32:52 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:A+gW+paaW+JNIQ2W+SvKZW+PW+HW+7W+noW+uW++xW+tHW+WJvkv:MDjNIBQKZthFlog8xLgJsv
TLSH: T1C21137F90029D11568006B11B09A08396DBFF7EA66339EF5647FF423A1CB5E13B21E35
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 47
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Verdict: Malicious
File Type: ps1
First seen: 2025-09-30T02:52:00Z UTC
Last seen: 2025-09-30T02:52:00Z UTC
Hits: ~10
Detections: HEUR:Exploit.Linux.CVE-2017-17215.a HEUR:Backdoor.Linux.Mirai.ba HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Mirai.au HEUR:Trojan-Downloader.Shell.Agent.cl
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-30 05:35:38 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
