MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6666f6368dc181cc73393fbfff57c5582e3ef42929c9742a73bb93700b5bfe6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6666f6368dc181cc73393fbfff57c5582e3ef42929c9742a73bb93700b5bfe6
SHA3-384 hash: c724a7d96bdb96c7887cadf250cbdc1e382b5db52bfa60897f8fd5c36bc429e3737da703c9dd171a369603323d2f08f0
SHA1 hash: b4d5c24b3221c04a11921bcab3d41e751f4a94dd
MD5 hash: 70c4a4c39d9eed962df02ae476754a0d
humanhash: eighteen-salami-blossom-zebra
File name:buf
Download: download sample
Signature Mirai
Create hunting rule
File size:669 bytes
First seen:2025-03-07 02:51:48 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:LfWUj2emgfWAkT+HzfWVJQ0fWRaLBHTyofW2NITt9DzfWbTW8:LWUj2yWAkCzWVJQgWRaLBHTyMW2NIp9a
TLSH T1B0014FA9006EFF43C0DCAF0A7A66F1BBB1304299001B1B88FDD514ACA88C952A275FD5
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://176.65.134.5/splmips46894ab0365d99a0bb377497478ebabe75c295d6119ab5dce7c7c1ea90086efa Miraielf mirai
http://176.65.134.5/splmpslf135cf3046be829d6f1b7ef020c5dd9eca385aed561d782f8b4d03220a2a833d Miraielf mirai
http://176.65.134.5/splarm0c173caa930b8d384c6ae942987c9c0f51371f12f585a0e34d3b4e13d89f5b5b Miraielf mirai
http://176.65.134.5/splarm5c7bf13560d86a03a4b2d614105f2f45340652ebaad205c82194af27448b9b8ff Miraielf mirai
http://176.65.134.5/splarm6f2128b77af9e414b09f8427f9b1efee438971b7a99478031cb81eb99df1831e1 Miraielf mirai
http://176.65.134.5/splarm78312daded7f34a6803e7ed28ad921c93020cb2c865d669bb4a528e7a9c94ee01 Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67ca8adec668b65489bfa359linux22vpnfull_triage
Tags:
agent hype sage
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
bash lolbin
Link:
https://www.filescan.io/uploads/67ca5f634a3011c802c9f678/reports/fa19c29a-c4d8-4ac4-8549-8ff146a252b3/overview
Verdict:
Malicious
Labled as:
Downloader/Shell.Generic
Link:
https://www.hybrid-analysis.com/sample/e6666f6368dc181cc73393fbfff57c5582e3ef42929c9742a73bb93700b5bfe6
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/e6666f6368dc181cc73393fbfff57c5582e3ef42929c9742a73bb93700b5bfe6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6666f6368dc181cc73393fbfff57c5582e3ef42929c9742a73bb93700b5bfe6/
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-03-07 05:47:22 UTC
File Type:
Text (Shell)
AV detection:
10 of 24 (41.67%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ztg6y3i3qmbzrztsp5775l4kwboh32cskojoqvhho4toafvx7ta._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250307-gg2fnsvvf1/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e6666f6368dc181cc73393fbfff57c5582e3ef42929c9742a73bb93700b5bfe6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e6666f6368dc181cc73393fbfff57c5582e3ef42929c9742a73bb93700b5bfe6

(this sample)

Mirai

elf 79249b96f1add929645d0f4366803f0f5b4632bd9e58ab2a90233ca06f9f1645

  
URLhaus
https://urlhaus.abuse.ch/url/3458302/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3458319/
  
Dropping
MD5 da2c72919a44944d8accdd663ceb0f89
  
Dropping
SHA256 79249b96f1add929645d0f4366803f0f5b4632bd9e58ab2a90233ca06f9f1645

Comments