MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376
SHA3-384 hash: 6f8b2517d3539170f498b6a72bc79cba7679aae0735632e46f8f99759480a860a69ad1f8fae0bba163c37489400d96c8
SHA1 hash: b0df7321dad06f9d56679185a40de76b6f1b47a5
MD5 hash: a3214236e26193d635524affdd27e31d
humanhash: fifteen-sink-august-november
File name:d.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:243 bytes
First seen:2026-04-22 09:44:20 UTC
Last seen:2026-05-19 09:25:27 UTC
File type: sh
MIME type:text/plain
ssdeep 6:L6FGoFdihd0XnD6FGaxAjFdihrNI4jD6FG3GjFdih7FaKLK5:qsWXnmAjsrNIQhGjs7cKLK5
TLSH T174D0A7E6D1332BC304198E08F5E1CCB0A192D08C0283BFDC6FFC281F027D8043A10A09
Magika shell
Reporter BlinkzSec
URLMalware sample (SHA256 hash)SignatureTags
http://208.84.100.209/arm58bbf0d368ac691acc6c185edcadf658e332120f218fc421dcc140fa29cd24e80 Miraielf mirai ua-wget
http://208.84.100.209/arm6n/an/aua-wget
http://208.84.100.209/arm7f94e7cf6e5f9005f3579e5373d049e417297e4cc267c41e2c63d2a2126552b5c Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
3
# of downloads :
54
Origin country :
AE AE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-34.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
File Type:
text
First seen:
2026-04-22T06:49:00Z UTC
Last seen:
2026-04-22T20:17:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/ff62202a-0fb0-4e89-aea5-5d42dd183702
Behavior Graph:
Download SVG
%3 guuid=8ea47954-1b00-0000-bc0d-9d15f50d0000 pid=3573 /usr/bin/sudo guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576 /tmp/sample.bin guuid=8ea47954-1b00-0000-bc0d-9d15f50d0000 pid=3573->guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576 execve guuid=890d9456-1b00-0000-bc0d-9d15fa0d0000 pid=3578 /usr/bin/rm guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=890d9456-1b00-0000-bc0d-9d15fa0d0000 pid=3578 execve guuid=c7951757-1b00-0000-bc0d-9d15fc0d0000 pid=3580 /usr/bin/wget net send-data write-file guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=c7951757-1b00-0000-bc0d-9d15fc0d0000 pid=3580 execve guuid=54ae9b76-1b00-0000-bc0d-9d154f0e0000 pid=3663 /usr/bin/chmod guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=54ae9b76-1b00-0000-bc0d-9d154f0e0000 pid=3663 execve guuid=77c70577-1b00-0000-bc0d-9d15500e0000 pid=3664 /usr/bin/dash guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=77c70577-1b00-0000-bc0d-9d15500e0000 pid=3664 clone guuid=172f1577-1b00-0000-bc0d-9d15510e0000 pid=3665 /usr/bin/rm guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=172f1577-1b00-0000-bc0d-9d15510e0000 pid=3665 execve guuid=d2828477-1b00-0000-bc0d-9d15530e0000 pid=3667 /usr/bin/wget net send-data guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=d2828477-1b00-0000-bc0d-9d15530e0000 pid=3667 execve guuid=c5505b87-1b00-0000-bc0d-9d15660e0000 pid=3686 /usr/bin/chmod guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=c5505b87-1b00-0000-bc0d-9d15660e0000 pid=3686 execve guuid=1effa087-1b00-0000-bc0d-9d15690e0000 pid=3689 /usr/bin/dash guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=1effa087-1b00-0000-bc0d-9d15690e0000 pid=3689 clone guuid=2358ae87-1b00-0000-bc0d-9d156a0e0000 pid=3690 /usr/bin/rm guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=2358ae87-1b00-0000-bc0d-9d156a0e0000 pid=3690 execve guuid=18a3ea87-1b00-0000-bc0d-9d156c0e0000 pid=3692 /usr/bin/wget net send-data write-file guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=18a3ea87-1b00-0000-bc0d-9d156c0e0000 pid=3692 execve guuid=3b78c4a5-1b00-0000-bc0d-9d15bf0e0000 pid=3775 /usr/bin/chmod guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=3b78c4a5-1b00-0000-bc0d-9d15bf0e0000 pid=3775 execve guuid=961e2fa6-1b00-0000-bc0d-9d15c10e0000 pid=3777 /usr/bin/dash guuid=b2fa4156-1b00-0000-bc0d-9d15f80d0000 pid=3576->guuid=961e2fa6-1b00-0000-bc0d-9d15c10e0000 pid=3777 clone d7b17489-721c-5937-8627-980c00fecda3 208.84.100.209:80 guuid=c7951757-1b00-0000-bc0d-9d15fc0d0000 pid=3580->d7b17489-721c-5937-8627-980c00fecda3 send: 133B guuid=d2828477-1b00-0000-bc0d-9d15530e0000 pid=3667->d7b17489-721c-5937-8627-980c00fecda3 send: 133B guuid=18a3ea87-1b00-0000-bc0d-9d156c0e0000 pid=3692->d7b17489-721c-5937-8627-980c00fecda3 send: 133B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376
Threat name:
Script.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2026-04-22 09:42:24 UTC
File Type:
Text (Shell)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=basjxtzfi4hvn2j2o3t6ea6ovj4x4ik6q3ajditzx4p7y77qin3a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260422-lqreaacw8j/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 08249bcf25470f56e93a76e7e203ceaa797e215e86c091a279bf1ffc7ff04376

(this sample)

Mirai

elf 8bbf0d368ac691acc6c185edcadf658e332120f218fc421dcc140fa29cd24e80

  
URLhaus
https://urlhaus.abuse.ch/url/3828592/
  
Delivery method
Distributed via web download
  
Dropping
MD5 b5b808c18cfed0634f394d35376e90be
  
Dropping
SHA256 8bbf0d368ac691acc6c185edcadf658e332120f218fc421dcc140fa29cd24e80

Comments