MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dddba462ec151cd90f4a7e7f07ac538166e6ab2b4c19d2ccaf6bb78081fe6319. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: dddba462ec151cd90f4a7e7f07ac538166e6ab2b4c19d2ccaf6bb78081fe6319
SHA3-384 hash: 78e8c171d93f7a1161d70bd8829f147368281f89700ea3242f8e0e1aba45cc358e6cb8f8e69d176c050bec596f30f6c2
SHA1 hash: 543658844b9837108c573e71386302f1c7043154
MD5 hash: 9c2cfdb72500503d07b0ea97f87143ad
humanhash: yankee-eleven-football-winner
File name: shr
Signature: Mirai
File size: 1'013 bytes
First seen: 2025-09-08 16:34:41 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:IiScySSdnKzQxVayCCom0NajXG0AzYKiKNIyYlmIYyT:IiPybhKzQxEyCCom0NwXG0AzYn6YlmIp
TLSH: T171115A9A68119041C80B5F8464733B3AB819E9A223A0CF4DFDD55D71C7CEE20F5E9B85
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-08T17:02:00Z UTC
Last seen: 2025-09-08T17:02:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: (graph not reproduced) /usr/bin/sudo executes /tmp/sample.bin, which repeatedly runs /usr/bin/wget and /usr/bin/chmod and clones /usr/bin/dash; each wget process sends 138 or 139 bytes to 109.205.213.5:80.
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-09-08 17:16:53 UTC
File Type: Text (Shell)
AV detection: 17 of 38 (44.74%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh dddba462ec151cd90f4a7e7f07ac538166e6ab2b4c19d2ccaf6bb78081fe6319 (this sample)
Delivery method: Distributed via web download
