MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6b4e20a36cc4ce3dfe813f024559b71e691527b10ffc581c451108322ed74d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: f6b4e20a36cc4ce3dfe813f024559b71e691527b10ffc581c451108322ed74d6
SHA3-384 hash: 49cdd4be0c6105f1c37184b7c8f5c3fb6a63ae94c2d19b93e22deeb5a9eb3d190fe0a8dea74a42cb4ef27966596ddff4
SHA1 hash: be25dcf07401560994feffbfe542f570c339cb85
MD5 hash: 61cdcd3c0fc32c0d296b43621956a669
humanhash: zulu-freddie-william-johnny
File name: sh.sh
Signature: Mirai
File size: 1'885 bytes
First seen: 2025-05-06 14:52:31 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:2TiwT3ZjT/TxTSTsGTm6TTmWATXTBTlTmqTi6T3Z1TBTDT0TsoTm6lTmWKTJTTTQ:CB3Z/L9u5zUDNxDD3ZBNfILFmVvzc
TLSH: T19A419DDF00FAB100486CEA4834538468E209D6D1B9C65FB8DCCC69B2FAD4D047834F45
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash busybox explorer lolbin mirai remote
Threat name: Document-HTML.Hacktool.Heuristic
Status: Malicious
First seen: 2025-05-06 13:53:53 UTC
File Type: Text (Shell)
AV detection: 8 of 24 (33.33%)
Threat level: 1/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
