MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 150c82cf4264fd1abe073c2d7d2722dab726f3afa40aed04908f027aa6eddb49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	150c82cf4264fd1abe073c2d7d2722dab726f3afa40aed04908f027aa6eddb49
SHA3-384 hash:	cfe331c9729107031f24c870cbcc449e1e941099fbf1f395a204741352c0b3a59d7762d31247305088dac92808483e6f
SHA1 hash:	675ec3d0779c63410d41680f56e09cc74d682a32
MD5 hash:	44c9389c1c03d2307151f973c337bc2a
humanhash:	muppet-artist-mike-sad
File name:	run.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'926 bytes
First seen:	2026-02-14 05:58:44 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:7S2JMBnbiBJuuZAEvEnEYPEhEmdbbwaFJUfyFhM3w:7S2JMBnbiBJuuZAAc1yLbbwuFhM3w
TLSH	T1FC516D9A12205FB5D708C94EF7F0B934664FA0C3EBDE9704AB420B6C8EC9D4C3685E60
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnaarch64xnxn	8ee25ba8e786dbf18d846454331c9bc2116be4ed9f113847913eaf4e69096627	Mirai	arm elf geofenced mirai ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxni386xnxn	8ae6cadcf9bbc69f3ff03e1ac345aa3035215596c92ca5571443e2b1064ad6bf	Mirai	elf geofenced mirai ua-wget USA x86
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnloongarch64xnxn	b36f3499dd7b752fed1259d89db0c7a78e38d50abb4cbf8b5aa2adb27dbb5493	Mirai	elf geofenced mirai ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnm68kxnxn	fb8c72ecc903de60a315a647996b49b9132d1d367b84e7b38de67325217d55fa	Mirai	elf geofenced m68k mirai ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnmicroblazexnxn	37370273ab5fec76fdefb0830ba0301f9c9ddfa9cf58913d39fe665295d5f53c	Mirai	elf geofenced mirai ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnmipsxnxn	b1368d7136320bb92735a43f6c6612efe03f9a7ef2d65e7eb9a5851ddf7e7e23	Mirai	elf geofenced mips mirai ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnor1kxnxn	8b1a1d4407401b388b58e1830406bd6efad4a91a82ab5f27a911fc2cb9ebcfe6	Mirai	elf geofenced mirai ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnpowerpcxnxn	84401833b9107cc6c2c378194f3ed1c3f2c8e24abec0c892f85e22170e0b3a7b	Mirai	elf geofenced mirai PowerPC ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnriscv32xnxn	6566fcfa7146aa2216c1d1ad0dc62e65265c40294f1d3993312a7df88ad70047	Mirai	elf geofenced mirai RISC-V ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnriscv64xnxn	8b67445cce8d0c0729abe7b3e3bfd93cfaa3121d264218b3792470c7ab187ce9	Mirai	elf geofenced mirai RISC-V ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnsh2xnxn	052b47c2bb452ee21bbe4c1687b03bd596dec5daa58ff2b4a50b517b1a5c1ddd	Mirai	elf geofenced mirai SuperH ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnsh4xnxn	76c2fd1f54711c66d37ebe3bfad62895dff1809fb811654e601cf0291298c16f	Mirai	elf geofenced mirai SuperH ua-wget USA
http://87.106.146.195/bins/xnxnxnxnxnxnxnxnx86_64xnxn	009e60e4db5dccf9d96b4b5b496d592c8cd20f1380c9c80799ad9be17d6900bc	Mirai	elf geofenced mirai ua-wget USA x86

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm evasive mirai

Link:

https://www.filescan.io/uploads/69900f3c2ffccda0976f9deb/reports/a3e86bae-dc30-401a-afbd-75b6e150f62a/overview

Verdict:

Malicious

File Type:

text

Detections:

HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/150c82cf4264fd1abe073c2d7d2722dab726f3afa40aed04908f027aa6eddb49/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/03c83e07-7bac-4c7d-b8de-8789aab5a250

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/150c82cf4264fd1abe073c2d7d2722dab726f3afa40aed04908f027aa6eddb49

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/150c82cf4264fd1abe073c2d7d2722dab726f3afa40aed04908f027aa6eddb49/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/150c82cf4264fd1abe073c2d7d2722dab726f3afa40aed04908f027aa6eddb49

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2026-02-14 05:59:39 UTC

File Type:

Text (Shell)

AV detection:

8 of 24 (33.33%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cugift2cmt6rvpqhhqwx2jzc3k3sn45puqfo2beqr4bhvjxn3neq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260214-gpv9mahx7d/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/150c82cf4264fd1abe073c2d7d2722dab726f3afa40aed04908f027aa6eddb49

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.