MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19e5171abee7248078bf500eb6a8d5a6983d467d3f3e0fa90fb40a04aa6a4d2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 19e5171abee7248078bf500eb6a8d5a6983d467d3f3e0fa90fb40a04aa6a4d2c
SHA3-384 hash: e788a6793091712f8107bdd17a6c96c7a3796b2be64d61a8fa44159b281f99225d21140053d6fca63cefb7cb584cb7c3
SHA1 hash: 616ba5783796491dd7831fcb049263d7dac3fbfc
MD5 hash: 0123625513d3035049d2b8b2fcb4d227
humanhash: aspen-white-echo-berlin
File name: 9vmpsi8t.sh
Signature: Mirai
File size: 2'830 bytes
First seen: 2025-11-16 02:47:47 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vYnYLOY27RWYrV6WYjM9UlYUpBoLYPADWNJY27HUY6H+YxKWYuzOYBaWYVWkDYEB:vI0UQ6L0k4Ug8En
TLSH: T1FC51068D13B124B91FF1DFAEA3A85A80748546A5D4C99F004FCD7EB8255FE8071A8F82
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://103.232.121.145/dl/stwhchoj.x86 | 6955dfef696f8a75747109115f0ac96f4a3134079f55de31aedddeac5e0ff6f9 | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://103.232.121.145/dl/stwhchoj.mips | a3bedf990ef4de72ab74a8fcce0551c9d8dcb843952b4778227723a6a271ec32 | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.mpsl | 84a2687e01249ae1465c7ca5e05546cbaf0914ab1012042d23f09ed97a26acdd | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.arm | 5171a0e99b495b7f0bb54a5c2a81aa8196dae6131cc828eb34af337183db2c6b | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.arm5 | 94bb47119f811edc4971a70b2ea6e32810d37892491b37171b72d57f84c34f21 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.arm6 | b1506568603578b37401ecb2e78f2ee2cde83e2f4e8023de7b70324985ae98d2 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.arm7 | 9ff161e29f2f9355502c417b6a710c549e14a1363999f9bd3a4290d67398387b | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.ppc | 74b334a27a04c94b6336155ee713c8ee13bb8c2aaf81615a42d30aecab1f08e4 | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA
http://103.232.121.145/dl/stwhchoj.m68k | e5a024ff727cd73dc84892fe3b6c037e15542e40aa6597023c00fc13f084c804 | Mirai | elf geofenced m68k mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.sh4 | c223ec394b058e2c003cd249379bd34ed276d90b6f4e596988f118598130513a | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
http://103.232.121.145/dl/stwhchoj.spc | 96db90dba72935e07b7909300c69e77a5b49b182b72060a333c02607b43ebb00 | Mirai | elf geofenced mirai opendir sparc ua-wget USA
http://103.232.121.145/dl/stwhchoj.arc | 5ec63b5eb77001ce8381db1d09b8610ace8fa60f1315ef41a360ba29345d98dd | Mirai | arc elf geofenced mirai opendir ua-wget USA
http://103.232.121.145/dl/stwhchoj.x86_64 | 24180c83de2f26716b01a7bf0ccc5f8cc752d933efc8cd35f1ec98c240469d26 | Mirai | elf geofenced mirai opendir ua-wget USA x86

Intelligence


File Origin
# of uploads: 1
# of downloads: 48
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-11T22:13:00Z UTC
Last seen: 2025-11-16T10:19:00Z UTC
Hits: ~10

Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-11-12 02:31:49 UTC
AV detection: 17 of 24 (70.83%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:demons antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (259604) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | sh | 19e5171abee7248078bf500eb6a8d5a6983d467d3f3e0fa90fb40a04aa6a4d2c (this sample)

Delivery method: Distributed via web download

Comments