MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6ad64d69267102380e00ad23774ac2b5fdbdd53b45ccc816b0984f765edc23b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: f6ad64d69267102380e00ad23774ac2b5fdbdd53b45ccc816b0984f765edc23b
SHA3-384 hash: a2f8cf5f0db06bd816d147e86e16dbb7b9c16c1714234f940f0d94936857b45d02779e4bbf2cf0ef56cd3a9e5d81d821
SHA1 hash: 7205fc9c7f29df8b1f7eebce9a8fba5b606836af
MD5 hash: e2b0f4c97d543edaa126e0a941c1418b
humanhash: dakota-london-pip-hydrogen
File name: basic
Signature: Mirai
File size: 1'337 bytes
First seen: 2025-03-02 16:46:36 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:o+xmQLCMhnMHV5X3aRyTkQEk6ZIyRBSpPQ1yV+O:okVGS6V5HaRUnO2IS+UV/
TLSH: T15321FDCB08D6C7E1CDD6552070A9CC65779BF7877CA31A1A9FA900B0CD458C17AC8AD5
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash lolbin mirai remote
Result
Verdict: MALICIOUS
Threat name: Script-Shell.Trojan.Multiverze
Status: Malicious
First seen: 2025-03-02 16:48:10 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

[Graph: Web download; Mirai; sh f6ad64d69267102380e00ad23774ac2b5fdbdd53b45ccc816b0984f765edc23b (this sample)]

Delivery method: Distributed via web download
