MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4e9a15336742977dff9cd383bc7ed7c9864aaa065d57481d421edf9c2398a0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4e9a15336742977dff9cd383bc7ed7c9864aaa065d57481d421edf9c2398a0f
SHA3-384 hash: c2323cbdcd77ef0c9c947b4e4eae4831f953ebe673f62f0ff1904b235d5d878d638da043a65fc7940dba0c900688dac9
SHA1 hash: a6cceb87bab797ca2020e9d46c8dcca52e2f9286
MD5 hash: dd785e27219c1f9806b65547a304cb90
humanhash: whiskey-sad-princess-november
File name:w.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:865 bytes
First seen:2025-03-20 23:58:12 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:kmIAUESqUEKNIl5zAUE30LKjUExeTtaKAUEycSEUEqCUE0/UEyjUEitfAUEGOsU6:Uln7xNI75BKgKytBlkEVDf8AZlZiHaR
TLSH T1A3113CCE6164A2710C4C9D69B26B952CA64A8FE0B2600F4DECCC48F2ADE8A59F155F48
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://193.32.162.27/arm41d3b34d7a0f6f2e6a32628d023db3ac881a708794e500232d5f66cc324455e51 Miraielf mirai
http://193.32.162.27/arm56b7d5e51c586f28a78bbdfa463eb7ae2ac3d6986a9ee510e284b39aff9b53c9c Miraielf mirai
http://193.32.162.27/arm63bfa09b37b7c4d211a6d7e007c1f461fbc13f9bee6a1fd8dece92a2d6418bba0 Miraielf mirai
http://193.32.162.27/arm7e993c4b0c2014b2ddfa7225eae86ff92ec27b85704e032bc42dbd1568747a236 Miraielf mirai
http://193.32.162.27/sh40b1ae0d6db25ceccef1b8df07e541d80f88fdb34be77f48c91b2e93d986f0711 Miraielf mirai
http://193.32.162.27/ppc7772f5a031cc2605d121d65d1097c6d8d2c374149892e94b8b145d817dc28e2e Miraielf mirai
http://193.32.162.27/mips4718246775cb5b4eae3ff9b6ed336b36b4df8ee67a899e75d09b973add656ed4 Mirai32-bit elf mirai
http://193.32.162.27/mpsl199424835915fde5b14725ed07a5199c334449553c16b4c93402130e08109957 Miraielf mirai
http://193.32.162.27/spc059dee77e389d2422f46e38313c53957f721887b558583463f2e8defe6e7c90e Miraielf mirai
http://193.32.162.27/x86_64779f8bd17f5d0e3bfe934ff0e1d88170fb132bfc95f08df0d7cb596d6e4de5cf Miraielf mirai
http://193.32.162.27/m68k7ccf8d7d334003db786235e4ee85082351e12fc16ab075079d72a4272587c6ae Miraielf mirai
http://193.32.162.27/x8687a615294a558a422ef80245b169fbd224f1537a678a77b97150d3cc0c6ea75d Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67dd5c969388e75d078f147clinux22vpnfull_triage
Tags:
trojan mirai virus html
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
mirai
Link:
https://www.filescan.io/uploads/67dcabcf1dd35ee4a0e9f178/reports/5511c826-ab4c-4f7a-9bc5-e665b2eef5a4/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/f4e9a15336742977dff9cd383bc7ed7c9864aaa065d57481d421edf9c2398a0f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4e9a15336742977dff9cd383bc7ed7c9864aaa065d57481d421edf9c2398a0f/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2025-03-20 23:59:12 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6tu2cuzwoquxpx7zzu4dxr7npsmgjkvamxkxjaouehw7tqrzrihq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250320-31r71avkt3/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f4e9a15336742977dff9cd383bc7ed7c9864aaa065d57481d421edf9c2398a0f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f4e9a15336742977dff9cd383bc7ed7c9864aaa065d57481d421edf9c2398a0f

(this sample)

Mirai

elf 1d3b34d7a0f6f2e6a32628d023db3ac881a708794e500232d5f66cc324455e51

  
URLhaus
https://urlhaus.abuse.ch/url/3459041/
  
Delivery method
Distributed via web download
  
Dropping
MD5 61c521f6fb1121684f07b8085f18d331
  
Dropping
SHA256 1d3b34d7a0f6f2e6a32628d023db3ac881a708794e500232d5f66cc324455e51

Comments