MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10fc366fd3891698f918a76feadf8e07142464719d1cc208dd920d2cf9038257. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 10fc366fd3891698f918a76feadf8e07142464719d1cc208dd920d2cf9038257
SHA3-384 hash: 3d4e65a8a74fad9861a1ee973cf67f24b7e31f7a3bdebe1ca836bdc44a68665ebc0a6ef547e25815a8c0ea50943e3425
SHA1 hash: 520cde31f1da4a6c2a954e877c5b56eb44e49bce
MD5 hash: c3f01ae4acd98f296bf4905280a2d309
humanhash: idaho-muppet-jupiter-failed
File name:thinkphp
Download: download sample
Signature Mirai
Create hunting rule
File size:2'750 bytes
First seen:2025-12-03 06:54:43 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:vO9Us9tUR9m9Yhy97qL9t95969VC9X9NX9MK:vO9d9tUR9m9Yw9M9t95969k9X9l9MK
TLSH T18A5184CF51DAA7F0DDB55D9171E94804ACC2F297B4D7DE42E9E824A88C8ED8071D0EC9
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://158.94.210.88//Yboats.x862d7aad4cd9f534449106df11d19e3aed6a65db961acdd232885aee5cde939131 Miraielf ua-wget
http://158.94.210.88//Yboats.mips151ac329ae310dfb04c56227b1dbd901bee5ba48700702c568b8989010ff726d Miraielf mirai ua-wget
http://158.94.210.88//Yboats.mpsl6184c95af0c3d0bb886b0298184a6d05657d8a5737a272e256f0c8be71cbe2db Miraielf mirai ua-wget
http://158.94.210.88//Yboats.arm2cec0b417608931a403cfe5b028bb36d7308fce48c7b6ebf6dd6b5e5ea4fda0d Gafgytelf gafgyt ua-wget
http://158.94.210.88//Yboats.arm5f16f375df54b3c485164167423f7278339a1f7d87f9384be20a1dfb57e131d89 Miraielf ua-wget
http://158.94.210.88//Yboats.arm6a30d85f2dfd1b463fcc0c7feb9c912e55590c7ec02837b526cd1298010533860 Miraielf mirai ua-wget
http://158.94.210.88//Yboats.arm772b307a2d81e94f93e41c15f04a62d4d84a76d2d3b807ed76db9b533b41bd4c2 Miraielf mirai ua-wget
http://158.94.210.88//Yboats.ppc32315ee27ad49dc1519356e0b107fbd7db8269cbf6f283648056d6459160af5e Miraielf mirai ua-wget
http://158.94.210.88//Yboats.m68k9c05f063af0c3b63e7bd4b990303914a24722d6ec637aaf282faf050b9ae4166 Miraielf mirai ua-wget
http://158.94.210.88//Yboats.spc63f12222899ed2a303643d9d674a6375680eb5bcab4fb2959789b6be44bd505a Miraielf mirai ua-wget
http://158.94.210.88//Yboats.i686n/an/aelf ua-wget
http://158.94.210.88//Yboats.sh4a41516a742c34feb6fcc2814a4539b74a817c78699935b515fb51f333f29a139 Miraielf mirai ua-wget
http://158.94.210.88//Yboats.arcn/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
24
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
medusa mirai
Link:
https://www.filescan.io/uploads/692fdecf581354efeadb2e35/reports/aae38c52-4649-46c4-b55c-21ff1c808ca6/overview
Result
Gathering data
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/10fc366fd3891698f918a76feadf8e07142464719d1cc208dd920d2cf9038257
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/10fc366fd3891698f918a76feadf8e07142464719d1cc208dd920d2cf9038257/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cd6dm36treljr6iyu5x6vx4oa4kcizdrtuomecg5sigsz6idqjlq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery linux upx
Link:
https://tria.ge/reports/251203-hpwe3awmcl/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 10fc366fd3891698f918a76feadf8e07142464719d1cc208dd920d2cf9038257

(this sample)

Mirai

elf f3d62ef5384d652eada72ac38603793a332e7ae74def72f6d20c5c5afe6e87df

Mirai

elf 2d7aad4cd9f534449106df11d19e3aed6a65db961acdd232885aee5cde939131

  
URLhaus
https://urlhaus.abuse.ch/url/3669696/
  
Delivery method
Distributed via web download
  
Dropping
MD5 5912a2cca11d4aad7350dc2d9c216411
  
Dropping
SHA256 2d7aad4cd9f534449106df11d19e3aed6a65db961acdd232885aee5cde939131

Comments