MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1575096110b0f6b5b92965447db22ca7add4f7cc93e4c7baf64e8f80455ebb20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 1575096110b0f6b5b92965447db22ca7add4f7cc93e4c7baf64e8f80455ebb20
SHA3-384 hash: 4a6eac85062f22a3c005109b00d8ad47a514fd98efc278c06361b9a8fe38cf4dcec3ce55b1c91ee0a4370c0af5659cfd
SHA1 hash: 317652ccbdd7e8f9377790c47b6a2f343ef7e4d4
MD5 hash: 5d134a198d15fc55c1e2ecfa54804505
humanhash: venus-william-fix-earth
File name: w.sh
Signature: Mirai
File size: 3'378 bytes
First seen: 2025-12-13 23:58:59 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:qijmjByiaV6WB20InUXxTAPCI7ITC/h/L:qijW0NtNXzK
TLSH: T1D061A6E5B431637031C88D7C711598986AABDDB9B0782B19B9E52C7280DCD1D331AB3E
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE

Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-12-13 23:59:15 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh 1575096110b0f6b5b92965447db22ca7add4f7cc93e4c7baf64e8f80455ebb20 (this sample)
Delivery method: Distributed via web download
