MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df642b8dd12afe5ea4f1fa913bd2fb75d797b07c988294346b2e1598a1ac6814. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

SHA256 hash: df642b8dd12afe5ea4f1fa913bd2fb75d797b07c988294346b2e1598a1ac6814
SHA3-384 hash: af75f9f411a0da762eeac30190cd7b650db1a9c44772875180a63bdabb80bc05e33a2835087783fd5fb56d3f4acc5a7c
SHA1 hash: ed5c81ee877b12ac16f5075402d7ca61aa25bbd8
MD5 hash: fef6f039cab2f91aa243e03b43b53c9e
humanhash: fish-happy-early-river
File name: g.sh
Signature: Mirai
File size: 158 bytes
First seen: 2025-07-28 20:22:07 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:L6FLDjeMLRJK88BzSE8eU5EQkc6FT7SXeMLRJKTZFGBzSEyLTUWaC:L6FLXFl25Q16FTWXFleCISC
TLSH: T1D2C08CCB94D0A20CC489FD48677A433FA042C7C521800F8DBA9E2472C88E801F025F0A
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
Related URLs and payloads (URL, malware sample SHA256 hash, signature, tags):

URL: http://103.176.20.59/mpsl
Malware sample (SHA256 hash): e4acbf0a1448e928ea7714cf90692001c454b37d78b13a955f475568b36bbaec
Signature: Mirai
Tags: elf mips mirai ua-wget

URL: http://103.176.20.59/mips
Malware sample (SHA256 hash): 7cd5fb5b6d94ac2acf16f8904f6f307f47710df1d51129d55e70590a52dcf823
Signature: Mirai
Tags: elf gafgyt mips mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph):
  /usr/bin/sudo (pid 2879)
    -> execve /tmp/sample.bin (pid 2888)
         -> execve /usr/bin/rm (pid 2890)
         -> execve /usr/bin/wget (pid 2891) [net, send-data, write-file]; send: 132B to 103.176.20.59:80
         -> execve /usr/bin/chmod (pid 3031)
         -> clone /usr/bin/dash (pid 3033)
         -> execve /usr/bin/rm (pid 3036)
         -> execve /usr/bin/wget (pid 3038) [net, send-data, write-file]; send: 132B to 103.176.20.59:80
         -> execve /usr/bin/chmod (pid 3183)
         -> clone /usr/bin/dash (pid 3184)
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Script.Trojan.Malgent
Status: Malicious
First seen: 2025-07-28 20:22:26 UTC
File Type: Text (Shell)
AV detection: 4 of 24 (16.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh df642b8dd12afe5ea4f1fa913bd2fb75d797b07c988294346b2e1598a1ac6814 (this sample)

Delivery method: Distributed via web download

Comments