MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f31cc275d8b4afa06fffe571f2b2fd3b6cfff76ca2b827ba1ae885cae7d444e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: f31cc275d8b4afa06fffe571f2b2fd3b6cfff76ca2b827ba1ae885cae7d444e5
SHA3-384 hash: c5c2c358d1223a8cc96651d74a3d4abe6528541a0ea7c0fc2b7a19903e8a140366d4485c0979851c4677a00f3ad28bc6
SHA1 hash: ed04c6ca6a718f99687653c8307944a9ae2aa56f
MD5 hash: 45a3f5fe77526aab11ea46fc2525bae0
humanhash: eight-mango-mobile-dakota
File name: usr.sh
Signature: Mirai
File size: 152 bytes
First seen: 2025-12-21 15:14:18 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:LxAjdVZVb8NBzSa+ANjaqzkDxAjdVZVCONBzSa5Ap91:L6VbkPjQD6Vxyb
TLSH: T13EC08CDF20272641D408EE2021A1301AB281CEC336B00B0E9BC82033F8CE610BB4CE20
Magika: shell
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.64/splmips | 2928a4694f399990791e7d0c00cb21c7fe852654df493d541097b7ce85815ec5 | Mirai | elf mirai ua-wget
http://130.12.180.64/splmpsl | 3cd8a62933ca2ee92f4a556c9d59ae1679070eec6343b38d6ef6f75cf5190ced | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-21T13:47:00Z UTC
Last seen: 2025-12-21T15:02:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3198)
  execve -> /tmp/sample.bin (pid 3202)
    execve -> /usr/bin/wget (pid 3204) [net send-data write-file], send: 135B to 130.12.180.64:80
    execve -> /usr/bin/chmod (pid 3211)
    clone  -> /usr/bin/dash (pid 3212)
    execve -> /usr/bin/wget (pid 3214) [net send-data write-file], send: 135B to 130.12.180.64:80
    execve -> /usr/bin/chmod (pid 3215)
    clone  -> /usr/bin/dash (pid 3216)

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-21 15:18:22 UTC
File Type: Text (Shell)
AV detection: 3 of 24 (12.50%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

[Diagram: Web download; Mirai; sh f31cc275d8b4afa06fffe571f2b2fd3b6cfff76ca2b827ba1ae885cae7d444e5 (this sample)]

Delivery method: Distributed via web download
