MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0eef5bc2152e354f4650dc37092aca64aa5419fcbcb874f9605a26d3a5389999. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash: 0eef5bc2152e354f4650dc37092aca64aa5419fcbcb874f9605a26d3a5389999
SHA3-384 hash: ee85601cb64a2c10ba394c1655ca3a1399d7022eba6496847d781f58f63ed74ceee2fbb92f1f5a10ab0b5a5bd4d2ee48
SHA1 hash: 4af17c22f356e09346114a15317a35f27935a9ff
MD5 hash: d31a5728884170e6036524cb564f227b
humanhash: echo-kentucky-montana-gee
File name:lil
Download: download sample
Signature Mirai
File size:852 bytes
First seen:2026-07-01 02:16:15 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 12:dOXOsYxcysE+vhCFN0zvy/RQvZowHkaCRjCgB1CDFFCFCgBnY8CRJKCSosYX:kXCKysE2hi0ziQvZohaC1h1VZ+81Jo/X
TLSH T193018CC98044991040AE895D22976455F82183CE1A4B4B75FFAC693EAB88D04F136F94
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://129.121.114.124/82Yf3045b343fdc468cd99623a18639a0a70d38878490afe972c345ca5a38896fa5 Miraielf ua-wget
http://129.121.114.124/HqhCd126777fa2a74d017281d8b9a054d88dc5eb1424f80b278539ee3b351820ac4b Miraielf ua-wget
http://129.121.114.124/mnkk9377d9f02a48345858ba2ad213de0e42a6919b7ceb0101b25083cbb61f3ad641 Miraielf ua-wget
http://129.121.114.124/tJTB98d29e3e1965a2319a0242d0162d8f33e0bfedfc305a2af99b19e5cbdf15eec9 Miraielf ua-wget
http://129.121.114.124/XzsJ81d2ae507145f612d97819fd248f278e80b190332bd9520a76534ff3d0ac4cda Miraielf ua-wget

Intelligence


File Origin
# of uploads :
1
# of downloads :
79
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
downloader evasive mirai
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-07-01T14:10:00Z UTC
Last seen:
2026-07-01T15:54:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.a
Threat name:
Win32.Trojan.Vigorf
Status:
Malicious
First seen:
2026-07-01 02:17:35 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery linux
Behaviour
Reads runtime system information
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 0eef5bc2152e354f4650dc37092aca64aa5419fcbcb874f9605a26d3a5389999

(this sample)

  
Delivery method
Distributed via web download

Comments