MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f
SHA3-384 hash:	25a1fd57c1d089f4bf4b73ab103be50489339c46185451eea297bb58dd06f6f4e79504730b6529879040a4c8c201fc3e
SHA1 hash:	640930a63ae133645d1470f0bb23ad32143b881e
MD5 hash:	e5123d2ecf439f66c1abb7daae3210a3
humanhash:	montana-fish-carbon-december
File name:	acurl.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	677 bytes
First seen:	2025-11-19 08:32:42 UTC
Last seen:	2025-11-20 01:25:29 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:KhI5W3CtI1/TbNZ7BwqL7Zg1npLO4C7Z62kC7ZOzliAEEZ7Znzqld7ZhoJiw7Zl1:KOQyS1bbzBbW1npLO6vLliANzql5oJt1
TLSH	T11D01F78C81466E53260DCD56B393442D117EE7CDB5DE2BD0FEC8EAEC86C078E6019AD6
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://183.81.33.194/arm	39ccf5403edb501d79b7d765ec915f3bf78840ecc9ae4ded56e205a539b33ff1	Mirai	32-bit elf mirai Mozi
http://183.81.33.194/arm5	37630084dd10bbd25b42984dd63fbc1cd05714615a31f1b1dd90a86b8e7100d1	Mirai	arm elf geofenced mirai ua-wget USA
http://183.81.33.194/arm7	ca4bd50228d92ac1266506b2ac7fb5636638bd6f3e8ae710fc373c41189ada26	Mirai	arm elf geofenced mirai ua-wget USA
http://183.81.33.194/mips	08fe033056f2f363637df7eaa1395592cb81e9fe81cd47c0ebd4179dae842f31	Mirai	elf geofenced mips mirai ua-wget USA
http://183.81.33.194/mpsl	1722e1c45b9505351948ded6293528b5baeeba06c892f13ba028e49fb0611797	Mirai	elf geofenced mips mirai ua-wget USA
http://183.81.33.194/arc	06693d6a05d2458d13aa8de434f5651a933ca8ffc1eee7a7ce0e3fe3c087db54	Mirai	elf mirai
http://183.81.33.194/aarch64	bcfc9d2b50bf532f047d666f88c4fa2de9410b40d8a339c840cce3fb69037ec9	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive mirai

Link:

https://www.filescan.io/uploads/691d80d214feed3357ae0422/reports/6eb6dab2-ee68-43ec-9f02-7642704a8c46/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-18T23:55:00Z UTC

Last seen:

2025-11-20T23:49:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/8bfa1676-dd30-40e2-8456-43a1439add0e

Behavior Graph:

Download SVG

Score:

83%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f

Threat name:

Document-HTML.Trojan.Heuristic

Status:

Malicious

First seen:

2025-11-19 03:50:05 UTC

File Type:

Text (Shell)

AV detection:

7 of 36 (19.44%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bgttbi2wzsvz4wfgumar4becqjwy5mxsjunzy5tbdzige3ikmv7q._file

Result

Malware family:

n/a

Score:

9/10

Tags:

antivm credential_access defense_evasion discovery linux

Link:

https://tria.ge/reports/251119-kf28cshn8w/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads process memory

Creates a large amount of network flows

Deletes log files

Enumerates running processes

File and Directory Permissions Modification

Deletes system logs

Executes dropped EXE

Renames itself

Unexpected DNS network traffic destination

Contacts a large (13458) amount of remote hosts

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.31

Link:

https://yomi.yoroi.company/submissions/09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 09a730a356ccab9e58a6a3011e0482826d8eb2f24d1b9c76611e50626d0a657f

(this sample)

Mirai

elf 39ccf5403edb501d79b7d765ec915f3bf78840ecc9ae4ded56e205a539b33ff1

URLhaus

https://urlhaus.abuse.ch/url/3711680/

Delivery method

Distributed via web download

Dropping

MD5 ee47c39eaec4a0d16d33095620acba41

Dropping

SHA256 39ccf5403edb501d79b7d765ec915f3bf78840ecc9ae4ded56e205a539b33ff1

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample