MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd7685e9a76cb706eaf0091fb626eee5cb7200752e7540aa8d328bfff6472710. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: dd7685e9a76cb706eaf0091fb626eee5cb7200752e7540aa8d328bfff6472710
SHA3-384 hash: 676d6f89800bb6f937280b6a215b7cfc97a66a232e104f77ee526b1c9b8025a86a7e4fc3e9857d382e63bfb500e7cef7
SHA1 hash: 216930fef40b9f744a89918e38604f14546b629e
MD5 hash: dcf4ccf89e6927a2ada2d1fe7692d144
humanhash: rugby-nebraska-louisiana-fourteen
File name: w.sh
Signature: Mirai
File size: 957 bytes
First seen: 2025-12-09 09:19:12 UTC
Last seen: 2025-12-09 14:05:14 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:QE5WxEcpfNIZEtMvEVKTjb3E3eMUzEOfRMETqOEHK3EKPFiEzcA:nWvpHMgQjbEehzfRpqTKVPFzV
TLSH: T15D1148CF08543446898CCF8530A648C4B6FDEED47024060BAD88BDF7E088917B9B4FEA
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 4
# of downloads: 48
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: ps1
First seen: 2025-12-08T22:27:00Z UTC
Last seen: 2025-12-08T23:59:00Z UTC
Hits: ~10
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-12-09 01:17:06 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments