MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6c6370325bc6eed8f86fccc62bd67ab4ea30c7e6d74da0c4e257dc66a6fe028. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: e6c6370325bc6eed8f86fccc62bd67ab4ea30c7e6d74da0c4e257dc66a6fe028
SHA3-384 hash: 4c5f58dc94faa4a1a4c63b0d524546116826d9b3390d51586f38afdff9015fbc01c5ffdc2569a7aa25501e7720d40bad
SHA1 hash: 3aca634007f43a54298dd3a2cdc71430abc6676c
MD5 hash: 16c9e11209e59c90985c648311bda506
humanhash: autumn-colorado-friend-butter
File name: w.sh
Signature: Mirai
File size: 1'241 bytes
First seen: 2025-08-11 12:59:03 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:hENEC+dllNnial0jZLZYPqDjliJlGMYq8S7GkUMp3XiolSxzlcdHA:/C+dllNial0jZLZYPqDjliJlGBqfCkpy
TLSH: T17C21E2CE03A9595088584DC13196C124AECDCAD63C614FAAA0CE4CF360C9E20BB34FD9
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox
Status: terminated
Behavior Graph:
pid=3220 /usr/bin/sudo
  execve -> pid=3223 /tmp/sample.bin
    execve -> pid=3224 /usr/bin/busybox (net send-data), send: 92B -> 89.42.88.217:80
    execve -> pid=3731 /usr/bin/chmod
    clone -> pid=3733 /usr/bin/dash
    execve -> pid=3734 /usr/bin/busybox

Threat name: Document-HTML.Trojan.Egairtigado
Status: Malicious
First seen: 2025-08-11 07:57:05 UTC
File Type: Text
AV detection: 17 of 38 (44.74%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e6c6370325bc6eed8f86fccc62bd67ab4ea30c7e6d74da0c4e257dc66a6fe028

(this sample)

  
Delivery method: Distributed via web download
