MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 160decaf579dadd716bdc245ec4150a6f1f7b4762a830b7a84d8c0fed3b78616. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 160decaf579dadd716bdc245ec4150a6f1f7b4762a830b7a84d8c0fed3b78616
SHA3-384 hash: 99d85171ea9bb2cc65da1ed0e755c41ad68edb7baede1609eb641034ae4b4cfb7984d279c99ba79cb753dcaff06f3a8a
SHA1 hash: ebecc3127700a6d2c23c7acfcc1c8fcfd249f685
MD5 hash: 16f67ca4f26708e2661e9f26009a43d5
humanhash: uranus-lemon-burger-music
File name: cat.sh
Signature: Mirai
File size: 1'680 bytes
First seen: 2025-08-11 19:24:58 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:jTUZQvw9LlGbofEzdgnRngPwZdzzYfKCazEjYfO:+XV3ZFcv
TLSH: T12F3165CDD3609ED2C643CE60B871D3C493ED95CBAAD2CBB4A48B1C61D89E9407C39B25
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-11 19:30:46 UTC
File Type: Text (Shell)
AV detection: 16 of 37 (43.24%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux persistence
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Enumerates running processes
Modifies init.d
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai sh 160decaf579dadd716bdc245ec4150a6f1f7b4762a830b7a84d8c0fed3b78616 (this sample)

Delivery method: Distributed via web download
