MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f999632fc3cbe98f59b6f982ae09fdf4db2d005fbb53d62a026e240be1c7071a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: f999632fc3cbe98f59b6f982ae09fdf4db2d005fbb53d62a026e240be1c7071a
SHA3-384 hash: 0197202e920fb3a788295c9d740a834d68398fdf09c76bdd472e9592b186c77695840c21ca36ef7412ac80a2222002ac
SHA1 hash: 8270adf01941759c6b7f10d7571807a6c1e9838c
MD5 hash: 75c1f59852c44c84e1838243c764b6d6
humanhash: fanta-edward-rugby-leopard
File name: c.sh
Signature: Mirai
File size: 1'212 bytes
First seen: 2025-03-26 11:22:48 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3DD+7UI704D+CI3D+xIkTD+NI8D+fSI/D+hIwD+aI/D+5I4D+xNIlIFD+fIGDZ:VD+7t7RD+X3D+mkTD+i8D+fH/D+2wD+i
TLSH: T11121418E42A9EF019E3FDF24F816C13C654394D0E8BE6B42E558CBA1A2DA1207144BB7
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: downloader trojan agent
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-03-26 11:23:23 UTC
File Type: Text
AV detection: 10 of 24 (41.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download