MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 140097b303ea8e3cb68287ee7fae37ce03eb2606519ae80f8f04a4b9cd40a88d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	140097b303ea8e3cb68287ee7fae37ce03eb2606519ae80f8f04a4b9cd40a88d
SHA3-384 hash:	a5f4fdbabf501775a6901665ed841316a2761746746599b97a74f745b692bb8a30d98f8c9dc04c34020d9ff691416fd9
SHA1 hash:	c9a0350ca0cf43d72768942afefb0079c8d7b4c4
MD5 hash:	4210691b5f7fb9b11a2ad20a423dc175
humanhash:	johnny-lake-two-emma
File name:	bins.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'154 bytes
First seen:	2025-10-15 15:33:38 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:t/dhrNIvgKOpbZpWFMH6NNI79fKXses8NNLd:tr5pCMa49fh6NNd
TLSH	T17821309F98513B8A4DD4FF897171480C7019D38B28E64BD9EDAD54BD81BD5183027B87
Magika	csv
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://23.177.185.39/garm	n/a	n/a	elf ua-wget
http://23.177.185.39/garm5	58b3a79908d27434eeca74e2c54476fb38b2b93b540abc04f7315bde694a914a	Mirai	arm elf geofenced mirai ua-wget USA
http://23.177.185.39/garm6	0c1313445a60d4b30b3f7f51f71a338ed42422d5f28e200a40ef259a40eeee4a	Gafgyt	arm elf gafgyt geofenced ua-wget USA
http://23.177.185.39/garm7	70116c88989dac84c982c6bcd364ee6f6a5b9dd22e8a295d209ce8cc72ab2124	Mirai	arm elf geofenced mirai ua-wget USA
http://23.177.185.39/gmips	7ad355b06d01dd98b4eb6edb6415cd4642d328a2925ec3cd70ebf6b871ffc04e	Mirai	elf geofenced mips mirai ua-wget USA
http://23.177.185.39/gmpsl	ba80287beeb7e1e12ee4af4cd70084a313da19733bc37bb52d8e79ecbc0b48ba	Mirai	elf geofenced mips mirai ua-wget USA
http://23.177.185.39/x86_64	7e02164c352397c011317df0cff9c6b3ec66eb749f5c68dcca67c3c6f50f86a6	Mirai	elf mirai ua-wget
http://23.177.185.39/arm	f6038ff963fc43473bd69ee8b571b6bcdc88d7bb3231ec5727e835232edee6a7	Mirai	elf mirai ua-wget
http://23.177.185.39/arm5	b5f97c4c0ff408de365da6735bf940d1a6a7f7465be68509db8e313f3dcf174f	Mirai	elf gafgyt mirai ua-wget
http://23.177.185.39/arm6	625c60b9a8b0347d5a3988d73bf19d9c5bc9bf126fa8720dd28c648edb4a0975	Mirai	elf gafgyt mirai ua-wget
http://23.177.185.39/arm7	ffe536b3d11dd297b8155ecf55695ef88518cc6e35976efed155b6328444bfb5	Mirai	elf mirai ua-wget
http://23.177.185.39/mips	2cae01a9c5ccb06c91d94ba45a9aaec9f804f60f9bf86cdf97daf5ceacae8f4f	Mirai	32-bit elf gafgyt mirai Mozi
http://23.177.185.39/mpsl	9b9764585122f6e0d842fb301963fed0cb6cba5a12740fec2c660d1f636bafd5	Mirai	elf gafgyt mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/68efbf14057c46a471cd8a37/reports/923ba35e-2b87-4e3d-8f33-ca1d133448c3/overview

Verdict:

Malicious

File Type:

text

First seen:

2025-10-15T08:47:00Z UTC

Last seen:

2025-10-16T18:24:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/140097b303ea8e3cb68287ee7fae37ce03eb2606519ae80f8f04a4b9cd40a88d/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/a576d93b-9052-4974-b5a6-389cbcbccf70

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/140097b303ea8e3cb68287ee7fae37ce03eb2606519ae80f8f04a4b9cd40a88d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/140097b303ea8e3cb68287ee7fae37ce03eb2606519ae80f8f04a4b9cd40a88d/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-10-15 13:41:59 UTC

File Type:

Text (Shell)

AV detection:

22 of 38 (57.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cqajpmyd5khdznucq7xh7lrxzyb6wjqgkgnoqd4passlttkavcgq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251015-sz3l8s1ydx/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/140097b303ea8e3cb68287ee7fae37ce03eb2606519ae80f8f04a4b9cd40a88d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.