MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01ff471d09d3ff04ba0e9ae08ca0e1b5a909e6f98b31dd61cb6636b7bc561781. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 01ff471d09d3ff04ba0e9ae08ca0e1b5a909e6f98b31dd61cb6636b7bc561781
SHA3-384 hash: 3a1a2bffe31a84b24cf7a4249ce4425024c11bb968fa782d6247127821953dafaa835ef0e1bc573e71f405dc94571969
SHA1 hash: d13d717d23b1e07fe2bf389199031217b89b42c2
MD5 hash: fec6541f3a7373b409cc6f5675a9a6ac
humanhash: maryland-queen-river-friend
File name: wget.sh
Signature: Mirai
File size: 548 bytes
First seen: 2026-01-21 12:11:58 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:TeJKE+ITtNIkKEOTjKEkT1MXZTo80NgTJoNDTWz:gKiNIkKxKqjoy
TLSH: T163F03AFD21A32EDB85145D4161710518D022E3E9D5A3CF88BF5D3827898C7287824BD9
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash expand lolbin mirai
Result
Gathering data
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2026-01-21 11:55:04 UTC
File Type: Text (Shell)
AV detection: 5 of 36 (13.89%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 01ff471d09d3ff04ba0e9ae08ca0e1b5a909e6f98b31dd61cb6636b7bc561781

(this sample)

  
Delivery method
Distributed via web download
