MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7ec82a9dd685d548b96876f7170e02b841d4194ea4fd3161988d7fa128208db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: f7ec82a9dd685d548b96876f7170e02b841d4194ea4fd3161988d7fa128208db
SHA3-384 hash: 25672af7011acfd4ae48d05e9cb4454767a830e6d80466ef1a33b4d7991eed7757a541b36a5af94d009edff814426cb0
SHA1 hash: ae2fc487aa8c3c12c39a86c886185b6f5c2b31a6
MD5 hash: f9284c56de0e4c642c03b71c98d0559f
humanhash: mirror-enemy-connecticut-zulu
File name: wget.sh
Signature: Mirai
File size: 1'017 bytes
First seen: 2025-12-09 06:39:11 UTC
Last seen: 2025-12-10 03:08:35 UTC
File type: sh
MIME type: text/plain
ssdeep 12:+fCVva+lfCAut+lfCeNI0sA+lfCDVKJEH+lfCm+lfCcPwPzJ+lfCD8Mgb+lfCH+j:qIv9b3NI/AKhcTSIZPeBpTKFG3xn
TLSH T1C5119D893270610470A98D04B29BA608D277A6B1EAFD1E15FCCCBC3BCDC9609B10CF0B
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 3
# of downloads: 49
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-09T01:06:00Z UTC
Last seen: 2025-12-09T07:38:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=3274) -> execve -> /tmp/sample.bin (pid=3284) -> execve -> /usr/bin/wget (pid=3286)
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-12-09 03:21:59 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f7ec82a9dd685d548b96876f7170e02b841d4194ea4fd3161988d7fa128208db

(this sample)

  
Delivery method
Distributed via web download

Comments