MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0ba46d5337308f3741b4a00aec3c30ff5731b5d025cb8f0dd44e5a1b2276cb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: f0ba46d5337308f3741b4a00aec3c30ff5731b5d025cb8f0dd44e5a1b2276cb8
SHA3-384 hash: 67147379330e9394c88e9a7ff405a9f371ad27ef3302ccc2696cc3d2506f7b6f93c0d7a4b74a45abeff4359a75b512d5
SHA1 hash: fc9d15c0c1b2f019c918706ad4691ede297f70a2
MD5 hash: 6c857079debaabddb4ccdcfa38d3106b
humanhash: illinois-mars-summer-nineteen
File name: tbk.sh
Signature: Mirai
File size: 2'925 bytes
First seen: 2025-08-16 19:59:51 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:cwXZk71A2mkFms5OGNI7c4GNI7hN8NI7RbGKaYGKaExKaFOOOmZIQv4Qmxil/p5z:cUNkMUyvNRKNpNqNRv3Z9NbxZh/AHXu
TLSH: T18C51AEDE60315FA27B295F06B9A2597CA143DBC521CB5B88FD4F2C394CAEA24F074A05
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-08-16 06:11:19 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f0ba46d5337308f3741b4a00aec3c30ff5731b5d025cb8f0dd44e5a1b2276cb8

(this sample)

  
Delivery method
Distributed via web download

Comments