MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6298e5ac3ce0f8b97113a6e72f7547545801ec8c1ddb19daab74c0dde0c66fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: f6298e5ac3ce0f8b97113a6e72f7547545801ec8c1ddb19daab74c0dde0c66fb
SHA3-384 hash: 08b234ee823f9f08fefde6950066abe26ec5fd8db4c42421032f7b3ad3ab223cd69ce9ca1ffb82b6192d7d64f6d3affd
SHA1 hash: 20ea2e71cc3e1d4e8f27c339cabd7ee430a46498
MD5 hash: 0cea26ec7ea3360ad9983854e7ee76d6
humanhash: mango-lamp-cat-beer
File name: c
Signature: Mirai
File size: 834 bytes
First seen: 2025-12-02 05:59:07 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:+q7MCGq5MiQWq7iMv1I7qAmlqqGVzdoFqRGkP9qjWpKWq47LsnWq+LA6YX+v:h062+x2tfA
TLSH: T12001E5E9016B32D41AE5D93DB43B9D5170509A7B19714E85B8D43CF1C2C4D97B036F47
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive expand lolbin mirai
Verdict: Malicious
Labeled as: Trojan[Downloader]/Shell.Agent
Result: Gathering data
Threat name: Document-HTML.Hacktool.Heuristic
Status: Malicious
First seen: 2025-12-02 05:50:44 UTC
File Type: Text (Shell)
AV detection: 6 of 36 (16.67%)
Threat level: 1/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments