MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb9c1857bd6e05545dd078a10efb52784f202b045a523b056cd16f25cd008b7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: fb9c1857bd6e05545dd078a10efb52784f202b045a523b056cd16f25cd008b7f
SHA3-384 hash: 43532a6ad2da36d475f89f6efe7d6acd64802f010da488f31b9a8704e6c8a4187fcb68131d7db384dc95b7332c969d1b
SHA1 hash: 657d20299370e705949ab6c812e4a53b164d06ba
MD5 hash: 700b1dd6a8a269d1f1137c2ceb32c775
humanhash: oxygen-minnesota-lamp-solar
File name: wget.sh
Signature: Mirai
File size: 1'089 bytes
First seen: 2025-09-27 17:21:27 UTC
Last seen: 2025-09-28 15:26:40 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:A+x+5+paL+5+JNIQQA+5+SvK2H+5+AKA+5+Q+5+M+5+n5+5+XH+5+RcA+5+t3A+5:SNIRKOShtRZdv
TLSH: T1A71147F90019910818086B10705A09396EFBF7E6A1369EF5547FE423B9CB5A07B25F3B
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 52
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
File Type: ps1
First seen: 2025-09-27T14:27:00Z UTC
Last seen: 2025-09-27T14:27:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl HEUR:Exploit.Linux.CVE-2017-17215.a HEUR:Backdoor.Linux.Mirai.ba HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Mirai.au

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-27 17:22:29 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh fb9c1857bd6e05545dd078a10efb52784f202b045a523b056cd16f25cd008b7f

(this sample)

Delivery method: Distributed via web download

Comments