MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e221f6dbfa3300f446e0c9b0d549c14d946fc434860b09746306a23bb35f157e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 5

SHA256 hash: e221f6dbfa3300f446e0c9b0d549c14d946fc434860b09746306a23bb35f157e
SHA3-384 hash: 3d075f779b460a45882d102ffa13f0ead17ddb2fca21c9b249fc1534158a56ad91df808c11a6e479c3162c6685a0ebe4
SHA1 hash: 94a34ce0c396d1a7947b1715d4a572207d775103
MD5 hash: 474ab0eadb71cd1734e67ad0b5d74ead
humanhash: stairway-south-xray-lithium
File name: dvr.sh
Signature: Mirai
File size: 702 bytes
First seen: 2025-11-06 12:19:52 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:7u6oRYB8XOp3dKU2hCUKAMk8QdqxoXhyp/A5V0+/I/PN7R3C9:ToWBGhBh9Mk8QoWhyp/A5V0+/I/V7Ru
TLSH: T15301C0DDD681D7A04816287DB1C3C109F467C3E817E21E14BC0D56747A8C4CCF832A35
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
Related URLs (URL | Malware sample (SHA256 hash) | Signature | Tags):
http://42.112.26.45/duck/arm  | 14883298489d57b2242533f561769e8f21737126e8560c4b9955dc701478c23e | Mirai | elf mirai ua-wget
http://42.112.26.45/duck/arm5 | 82ee72be70e8dce122910449268514083943892258ea9b9d21068e03286d03f8 | Mirai | elf mirai ua-wget
http://42.112.26.45/duck/arm7 | 5a469ba94c55f39fdf0656a0a1b98c988d699569397587d8e1141a0d928b9eea | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 41
Origin country: DE

Vendor Threat Intelligence (sandbox)
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-06T10:57:00Z UTC
Last seen: 2025-11-06T11:57:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the rendered graph; pid, image, spawn method, and network activity):
pid 5214 /usr/bin/sudo
  execve -> pid 5215 /tmp/sample.bin
    execve -> pid 5216 /usr/bin/rm
    execve -> pid 5217 /usr/bin/wget (net, send-data, write-file) -> 42.112.26.45:80, send: 135B
    execve -> pid 5218 /usr/bin/chmod
    clone  -> pid 5219 /usr/bin/dash
    execve -> pid 5221 /usr/bin/rm
    execve -> pid 5222 /usr/bin/wget (net, send-data, write-file) -> 42.112.26.45:80, send: 136B
    execve -> pid 5225 /usr/bin/chmod
    clone  -> pid 5227 /usr/bin/dash
    execve -> pid 5233 /usr/bin/rm
    execve -> pid 5234 /usr/bin/wget (net, send-data, write-file) -> 42.112.26.45:80, send: 136B
    execve -> pid 5235 /usr/bin/chmod
    clone  -> pid 5236 /usr/bin/dash

Vendor Threat Intelligence (AV)
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-11-06 12:20:19 UTC
File Type: Text (Shell)
AV detection: 13 of 23 (56.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion discovery linux
Behaviour:
- Reads runtime system information
- Writes file to tmp directory
- Checks CPU configuration
- Reads process memory
- Enumerates running processes
- File and Directory Permissions Modification
- Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download | Mirai | sh | e221f6dbfa3300f446e0c9b0d549c14d946fc434860b09746306a23bb35f157e (this sample)

Delivery method: Distributed via web download