MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2a793f3ef85a2e8053676c74677ee4788d2712441af11d81fecbb5186d1a377. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2a793f3ef85a2e8053676c74677ee4788d2712441af11d81fecbb5186d1a377
SHA3-384 hash: b319809bab8441bc4c3d3278339bae25d752aaecfd009c69a931110f692795ebe0e4280a60c7b90ceee3d11c6bb5189f
SHA1 hash: 3460404cc3dc70f5b02d886f33090af5bb9155bd
MD5 hash: c3d4c82ded4123915fce702893c4b299
humanhash: beryllium-bravo-cola-nevada
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:765 bytes
First seen:2025-05-03 09:12:43 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:6fK31j+JfK3LLq+JfK3hNIl5zA+JfK3q0LKj+JfKZOs+JfKVC+JfKf/+JfKkSE+j:GK31yK3LLxK3hNI7PK3xKyKZkKV5KfGY
TLSH T1DE01ADDD2761668A0A0C8E1970BA0E855B4A93C1F974CF19AC4C98F76CD5E05B05CFBF
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://161.248.238.54/arm6f6b15d1480dcd4eb3339bfe5210a58694433f7d62fa38b4d4ab729810ec301b Miraielf mirai
http://161.248.238.54/arm59f8d153c1085b0e95550fc4e5565253c5e67ec00787ba1e8361ee9509c689e23 Miraielf mirai
http://161.248.238.54/arm666379a88fb87bf7d23187ba8479f26322ff3e3547b3986d09ab8bffd2f1f064f Miraielf mirai
http://161.248.238.54/arm79f3155bea08d56448740c4777a9e83a10ee28f619e7e1c9175122e6422100f1f Miraielf mirai
http://161.248.238.54/m68kn/an/aelf mirai
http://161.248.238.54/mips11307d83209bca0e6faa99051785a69b08369c33603fcaf9f8e2603c37146612 Miraielf mirai
http://161.248.238.54/mpsl952c4a054a4efd75cc6fb16ee0015c61005ec5beaf6158bf0fe4baee9eab43b5 Miraielf mirai
http://161.248.238.54/ppcn/an/aelf mirai
http://161.248.238.54/sh4n/an/aelf mirai
http://161.248.238.54/spcde7a5d186f6479d750e25924643899efa46b62832ab17affa562abe7931bc2d8 Miraielf mirai
http://161.248.238.54/x86c30a4fd2a4d30dd2a85af8c15754c5ede1a824b8dbe0254d6e4d5474cb4a060e Miraielf mirai
http://161.248.238.54/x86_645c279f4fc7c31f9c35ab244de3d2841b610d24b88286a6b28760a313ec093627 Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6815e3f04355f44aee68f381linux22vpnfull_triage
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6815de250b64e174c415b621/reports/f148d721-0bb8-42ac-b0f4-9b3635a9abd8/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/f2a793f3ef85a2e8053676c74677ee4788d2712441af11d81fecbb5186d1a377
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2a793f3ef85a2e8053676c74677ee4788d2712441af11d81fecbb5186d1a377/
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-05-03 08:51:38 UTC
File Type:
Text (Shell)
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ktzh47pqwroqbjwo3dum57oi6ene4jeigxrdwa75s5vdbwrun3q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250503-k6srlsgj9z/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f2a793f3ef85a2e8053676c74677ee4788d2712441af11d81fecbb5186d1a377

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f2a793f3ef85a2e8053676c74677ee4788d2712441af11d81fecbb5186d1a377

(this sample)

Mirai

elf ddeae35a2a8b20daa32258e2b249482952841f4e6d7752dfc9ace10d1bd626ae

  
URLhaus
https://urlhaus.abuse.ch/url/3533646/
  
Delivery method
Distributed via web download
  
Dropping
MD5 a8ece7f8c43f3f6b3adfb3cbe91bf0e7
  
Dropping
SHA256 ddeae35a2a8b20daa32258e2b249482952841f4e6d7752dfc9ace10d1bd626ae

Comments