MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec316a8c6ef5b9e7fa08757270ba6ef34501d9fc52b79b2f54e72d468611a94f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec316a8c6ef5b9e7fa08757270ba6ef34501d9fc52b79b2f54e72d468611a94f
SHA3-384 hash: ae55dbd0a95a75ec63ddcaf9cdcc7072a4b2cc3c3836293df0d882681b45afa5461b99e14658f010ef4c2fd4e9e2327f
SHA1 hash: d22021e08853763f0fb8fcc3fe1b94d4faa991b4
MD5 hash: 83f87e1abfc0ce9f34724db3bf2d7e30
humanhash: zebra-ohio-december-oven
File name:s
Download: download sample
Signature Mirai
Create hunting rule
File size:2'252 bytes
First seen:2025-04-18 13:38:51 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 48:4k5CEA0ZZ2kw4kwj07kwgkwEkwkkwkkw0kw+kwkggkwkkwjZakwOkw8j:tCEA0NIAAUM4o2u48GT
TLSH T1D341B1EF01AC4557E480CDAEB6E38894F5CD85CD28C9CA4E245F0532B9CCA5E3C94F6A
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://82.24.200.45/tt/mipsd1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6 Miraielf mirai ua-wget
http://82.24.200.45/tt/mipsel62ffefdd46f5f0bd15fd87927fc6a55a17d6477c56f6cc72b42d47b4459759ab Miraielf mirai ua-wget
http://82.24.200.45/tt/armv4l34bf22669c899430ece4cf3272594d75c29d8bdb1ebb26b2bf0f997f9980fdbf Miraielf mirai ua-wget
http://82.24.200.45/tt/armv5l7c2198f1d618c12cd7c30328f2c0821d1b0c948adba0b437c529a8272c8d612c Gafgytelf gafgyt ua-wget
http://82.24.200.45/tt/armv6l55173c8faa1f6bc92874c55fd280be21f7e581c1076ac50f238ff1c97b9f3a9f Gafgytelf gafgyt ua-wget
http://82.24.200.45/tt/armv7lae3d740fc5a9fac12d1ef7c9204a0e25574d095a803baa988e093b8f577fb3bc Miraielf mirai ua-wget
http://82.24.200.45/tt/sh4eb7bd4e06be210a01b24de7683bc769b46699e685734fb19131b194dbafa22d7 Gafgytelf gafgyt ua-wget
http://82.24.200.45/tt/sparcac2d50248dc2a39a5c1ffaceaa71fc3914526beb7ff7c8e334855258b4fab2bd Miraielf mirai ua-wget
http://82.24.200.45/tt/riscv3277b63db3ecf5222275cc98a68606b7d5313528e695b193257a601b7d30d837ba Miraielf mirai ua-wget
http://82.24.200.45/tt/powerpc34a82b5e1ed69e37297a81462f93764622b69e53a49f0987bce2da4b8aac705a Miraielf mirai ua-wget
http://82.24.200.45/tt/armv4eb14f18f18dcf6196d11f6d2be53bf18291d8c60ab174f58068444766dbac34d75 Gafgytelf gafgyt ua-wget
http://82.24.200.45/tt/arcdab7fc4d48eb479c2c58e1fbd10dcec31b8ace12091be9b81eac08dc085e12fe Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68025bfa280f5f89a0d155delinux22vpnfull_triage
Tags:
agent hype sage
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
busybox evasive lolbin remote
Link:
https://www.filescan.io/uploads/68025603e9c1e257979cdef4/reports/d0d70b3a-256e-446c-a085-5c0bef580a66/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ec316a8c6ef5b9e7fa08757270ba6ef34501d9fc52b79b2f54e72d468611a94f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec316a8c6ef5b9e7fa08757270ba6ef34501d9fc52b79b2f54e72d468611a94f/
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-04-18 13:42:19 UTC
File Type:
Text (Shell)
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5qywvddo6w46p6qiovzhboto6ncqdwp4kk3zwl2u44wunbqrvfhq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250418-qzrhvsxmt7/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ec316a8c6ef5b9e7fa08757270ba6ef34501d9fc52b79b2f54e72d468611a94f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ec316a8c6ef5b9e7fa08757270ba6ef34501d9fc52b79b2f54e72d468611a94f

(this sample)

Mirai

elf d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6

  
URLhaus
https://urlhaus.abuse.ch/url/3516913/
  
Delivery method
Distributed via web download
  
Dropping
MD5 9e87e6552b22865382efe2097dd065fa
  
Dropping
SHA256 d1a427ef9e41471f5fd77327509ade82a1baed34b58a01dd41ed01d815a9d7d6

Comments