MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06ddd4f1d88eaa3e201d386c544256418704af4a0fc714059eb0ec97d2c333d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 06ddd4f1d88eaa3e201d386c544256418704af4a0fc714059eb0ec97d2c333d5
SHA3-384 hash: 2e0cd0bfd09910c5a3c1c6dd836ee005e091556076c47e6343bb8ac07c3db3dbd754feb1ce4d6b57560e3a03e84e7dff
SHA1 hash: 8b13279859374e8bae26434e1f8f5ec5557beae2
MD5 hash: f00625057cc1d478848d5093691704a1
humanhash: eighteen-item-salami-ohio
File name: 1.sh
Signature: Mirai
File size: 786 bytes
First seen: 2026-02-10 03:44:41 UTC
Last seen: 2026-02-10 06:45:00 UTC
File type: sh
MIME type: text/plain
ssdeep 12:4p63iRTNNIl5Pq0LKm4igOPRKeMBFK3r0SO5RVtSq0ARXclc:niLNI7JKh2Tk7l53tB0Axb
TLSH T1A80165CE65925142CE01AF08A86258C49148F3CDFB7B4BDCECDA997AC5DDF443814F86
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Result
Gathering data
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 06ddd4f1d88eaa3e201d386c544256418704af4a0fc714059eb0ec97d2c333d5

(this sample)

  
Delivery method: Distributed via web download

Comments