MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02135d7778c96e309879b8d1767ea6a7e0c19dd39b04f8239fc2187813cfc9cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	02135d7778c96e309879b8d1767ea6a7e0c19dd39b04f8239fc2187813cfc9cb
SHA3-384 hash:	f33fcd37a09386b9185b5998c0a662c79b878f85b2852bfd3e868e7a882c741448ce55252ff497a94b19ecdaf2172dff
SHA1 hash:	5bbaaa0e2865a1157da9bb1f8bdcb01ab28f8bfb
MD5 hash:	4c786fa2b3aaf134f650ff41bf6f7336
humanhash:	steak-maine-comet-twenty
File name:	6354
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'880 bytes
First seen:	2026-02-09 12:50:10 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:QO0u9YIt2PPqlmtmKTe8kw+ryPyP70HHHOHwD+:h0/It2M/loKP46b
TLSH	T11541BB5D7424CCB03C59CD3D6AC62609A88A475FD1177A48716F982E3F34168F1E86F9
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	smica83
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://ru.h8f8.help/usr/7233474	331e0594ad32ae744a256b1e3b0c24b37ab86d127773a3f95418a5cf6b929f58	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

37

Origin country :

HU

Vendor Threat Intelligence

No detections

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/915cd0d1-40f6-46b1-9aad-f752b1b3143b

Score:

6%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/02135d7778c96e309879b8d1767ea6a7e0c19dd39b04f8239fc2187813cfc9cb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/02135d7778c96e309879b8d1767ea6a7e0c19dd39b04f8239fc2187813cfc9cb/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/02135d7778c96e309879b8d1767ea6a7e0c19dd39b04f8239fc2187813cfc9cb

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aijv253yzfxdbgdzxdixm7vgu7qmdhottmcpqi47yimhqe6pzhfq._file

Result

Malware family:

n/a

Score:

6/10

Tags:

antivm defense_evasion discovery linux privilege_escalation upx

Link:

https://tria.ge/reports/260209-p23hgabs5a/

Behaviour

Process Discovery

Reads runtime system information

Writes file to tmp directory

Checks CPU configuration

Reads CPU attributes

UPX packed file

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Enumerates running processes

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/02135d7778c96e309879b8d1767ea6a7e0c19dd39b04f8239fc2187813cfc9cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

sh 02135d7778c96e309879b8d1767ea6a7e0c19dd39b04f8239fc2187813cfc9cb

(this sample)

elf f66cd21389c4ea7ae1f2dd63d69c715a0b26dfbdbea1c610183c1794fd61b675

elf 331e0594ad32ae744a256b1e3b0c24b37ab86d127773a3f95418a5cf6b929f58

Dropping

MD5 b310b897b846a1bf93bde4f66994e847

Dropping

SHA256 331e0594ad32ae744a256b1e3b0c24b37ab86d127773a3f95418a5cf6b929f58

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample