MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e38f5c0012e568720d7f9691e1eee939a2c36074adde4897fe288b4264b0663f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: e38f5c0012e568720d7f9691e1eee939a2c36074adde4897fe288b4264b0663f
SHA3-384 hash: 18a17ab53b8af13d73b0cc369edaf45c3748501043d0c02ca21dba87cdefb4222e04714ca8fc8356046e9eea7f5e792c
SHA1 hash: fd44875f9f5db9aaec98371a11d315af1e763ee5
MD5 hash: 55c2af4324297a6c383746844fbeb8d5
humanhash: texas-oxygen-tango-montana
File name: f.sh
Signature: Mirai
File size: 154 bytes
First seen: 2025-12-21 15:14:16 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:LxAjdVZVb8NBzSa+ANjaxPQvJRDxAjdVZVCONBzSa5Ap9J6n:L6VbkPjkAD6Vxym
TLSH: T171C08C9F20272641D108AE2021A13819BAA1CAC226B00B0E9BE82033F8CEA00B70CE20
Magika: shell
Reporter: abuse_ch
Tags: sh

URL: http://130.12.180.64/splmips
Malware sample (SHA256 hash): dcb690747a11527c5ad9919521ffd27a29563f24c19df3d7f9218fdea6e88622
Signature: Mirai
Tags: elf mirai ua-wget

URL: http://130.12.180.64/splmpsl
Malware sample (SHA256 hash): 0cffd5f3473dde6aecb03030cb95efa81c7e1a1bc218528dc318348af422c8cc
Signature: Mirai
Tags: elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-21T12:34:00Z UTC
Last seen: 2025-12-22T22:43:00Z UTC
Hits: ~10
Status: terminated

Behavior Graph:
pid=4052 /usr/bin/sudo -> pid=4061 /tmp/sample.bin (execve)
pid=4061 /tmp/sample.bin -> pid=4065 /usr/bin/wget (execve; net send-data write-file)
pid=4061 /tmp/sample.bin -> pid=4085 /usr/bin/chmod (execve)
pid=4061 /tmp/sample.bin -> pid=4087 /usr/bin/dash (clone)
pid=4061 /tmp/sample.bin -> pid=4091 /usr/bin/wget (execve; net send-data)
pid=4065 /usr/bin/wget -> 130.12.180.64:80 (send: 135B)
pid=4091 /usr/bin/wget -> 130.12.180.64:80 (send: 135B)

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-21 15:18:21 UTC
File Type: Text (Shell)
AV detection: 3 of 24 (12.50%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Sample: sh e38f5c0012e568720d7f9691e1eee939a2c36074adde4897fe288b4264b0663f (this sample), Mirai, Web download
