MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff457cc4b90c5c28ce85107b386fddfb4a7dd42c9c401a9598a46ce36b43a5b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff457cc4b90c5c28ce85107b386fddfb4a7dd42c9c401a9598a46ce36b43a5b5
SHA3-384 hash: 6ca7184bb17208e97ed2ba44fcdda3f3400e117dbca783c74e6cef535c80cabe2fa45f727fd5a8888f3a3138a19a9158
SHA1 hash: 2378848d25c7a61cec2dc9cc7e36739d7df156f4
MD5 hash: 583ec7348c3817d757ee5844f665f293
humanhash: seventeen-fruit-nineteen-minnesota
File name:w.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'004 bytes
First seen:2025-04-20 14:53:47 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:wiVUXxCWEUbNI9kxwAUIySKxWHUWyFULPCUNoeVUb6UJxRI4qKAUKJeUwx7+cAUd:rmv5bNIqcCKxzeHNU3Z1xlmv5goHA
TLSH T11D1138CE105869E0481ECDC3329D482922858FE0F09A6BB9768E98B369C5B24F941FC8
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.156.115.12/bot.armc4a7bd323df62e4d4df684b3456a100064232aeef67e498dfc853c5b7d5e931c Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.arm5705a79e4e5255b67ac7cb7228b74dfefc679b2bbf15236dff2507447d99fbc1c Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.arm6904d5285d634fea62e0aeb0853de78de8166c9a38f8d2cfa20c60bf59312bb5f Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.arm7a75dd62515d52472d1bc732109342df8e5e784cb9276eb107d99f03b370b38ce Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.m68k3d555df2f9df800a642c54abab97f58972cef1002c3fb726ef31d84ce6639fcf Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.mips1e933eaca08ad804d1e35157c95176727ae64a87056f3688a521782687a55a95 Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.mpslb7307c083b9fdfde53c6adbc55654368c051b390755a9c0b766dda122036f574 Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.ppc1c935eac666882c1e64fcf7091909d6e1c8dd977c4ba28a4369494781595091e Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.sh45c4907709725e1ff6b7ada33854fe67e7059645233a752c75c7f52f7e77dbe34 Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.spcn/an/aelf mirai moobot ua-wget
http://94.156.115.12/bot.x86c0ea92acc7aa2ce377c2f86f58f2ec12b20e51cf7c23191887c5072b84c561ac Miraielf mirai moobot ua-wget
http://94.156.115.12/bot.x86_641bf9fa0c8c8eb7513470a0006724a3b21785c81ee74eb0017afce2d44aef27e6 Miraielf mirai moobot ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.30762.LX.BOT.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68050a9a2203b3e10cd1e5b2linux22vpnfull_triage
Tags:
downloader mirai virus html
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ff457cc4b90c5c28ce85107b386fddfb4a7dd42c9c401a9598a46ce36b43a5b5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff457cc4b90c5c28ce85107b386fddfb4a7dd42c9c401a9598a46ce36b43a5b5/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-04-20 14:54:15 UTC
File Type:
Text (Shell)
AV detection:
19 of 38 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=75cxzrfzbrocrtufcb5tq3657nfh3vbmtrabvfmyurwog22duw2q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250420-r9xnas1q16/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ff457cc4b90c5c28ce85107b386fddfb4a7dd42c9c401a9598a46ce36b43a5b5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ff457cc4b90c5c28ce85107b386fddfb4a7dd42c9c401a9598a46ce36b43a5b5

(this sample)

Mirai

elf 616e2826d4c027924809731e7eacbcbf8b0cc3023afad78e7833e70b8c0c3197

Mirai

elf c4a7bd323df62e4d4df684b3456a100064232aeef67e498dfc853c5b7d5e931c

  
Dropping
MD5 36e8177ee200fb5a316af4e51f25a87d
  
Dropping
SHA256 c4a7bd323df62e4d4df684b3456a100064232aeef67e498dfc853c5b7d5e931c
  
URLhaus
https://urlhaus.abuse.ch/url/3519775/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3519804/

Comments