MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16561fb7a7ffbe65ffa4704c3e6f5fe1327572195101c91988408a194357a0d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 16561fb7a7ffbe65ffa4704c3e6f5fe1327572195101c91988408a194357a0d3
SHA3-384 hash: e001a66769778a16c300f1bc6a6e7861db64f80757e63a335f0087bafeb1b18f652d2cdd4e473395c02b6ee8c41d1cd0
SHA1 hash: c410c9ddda39c8180500b4dfcbb6b7b9231aa4fd
MD5 hash: 0c0bb9a80d5ea4f8936f894d24642dad
humanhash: johnny-mexico-paris-eighteen
File name: 1.sh
Signature: Mirai
File size: 6'479 bytes
First seen: 2025-11-18 17:23:43 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 192:XG3mBcXOBqbQp83uzC12fNk7sZBgnAlePOZkePOZkJofI9sNwDyPGpiD9Ur8J4xk:XG3mBcXOBqbQp83uzC12fNk7sZBgnAla
TLSH: T181D12EF6B48A52BCDD9FC83E515429BD508AB9CB26874D6887EE20767C89FCC5C409C3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-18T15:23:00Z UTC
Last seen: 2025-11-18T15:57:00Z UTC
Hits: ~10
Threat name: Script-Shell.Downloader.Heuristic

Status: Malicious
First seen: 2025-11-18 17:25:49 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx

Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
Deletes log files
Enumerates running processes
File and Directory Permissions Modification
Deletes Audit logs
Deletes journal logs
Deletes system logs
Executes dropped EXE
Mirai family
Mirai

Malware Config
C2 Extraction: jhfhfdkhdfdk32.duckdns.org

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 16561fb7a7ffbe65ffa4704c3e6f5fe1327572195101c91988408a194357a0d3 (this sample)

Delivery method: Distributed via web download
