MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1aba3a627489e076551fecc0d150c9a43c142b1628204e8bdcbd9f2b5f7ce4e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1aba3a627489e076551fecc0d150c9a43c142b1628204e8bdcbd9f2b5f7ce4e1
SHA3-384 hash: 6f776ab5ad3df83596ddd3501c45a58093eddaf81afbbdf6897a06ae60858b04c5813493f67c8409879860b26b5e6a4e
SHA1 hash: 457da2576f6df3cd34a29686e6692c1f87493517
MD5 hash: e6e185fc70105bade98c2b7bad840b7a
humanhash: moon-mike-table-whiskey
File name:jihe.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:840 bytes
First seen:2025-11-21 23:03:21 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 12:GErXCkaNIl5emc0LKJPaCNSarX6MA417rXOf2OyzQBo:PS7NI7BfKR/MIsODv
TLSH T11A01EDCD34A02273D594DE807863FC5AA248D6D829C03F5DACED18B2D6F49147B15F6C
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://87.121.84.79/arm77d8bcafd55ab9b45f9a43e24267bdfbbe53b300995b8981f06494ff28c98f40 Mirai32-bit elf mirai Mozi
http://87.121.84.79/arm577d8bcafd55ab9b45f9a43e24267bdfbbe53b300995b8981f06494ff28c98f40 Miraielf mirai ua-wget
http://87.121.84.79/arm677d8bcafd55ab9b45f9a43e24267bdfbbe53b300995b8981f06494ff28c98f40 Miraielf mirai ua-wget
http://87.121.84.79/arm7188ff4ffd6a3e30c8c6ae5a9aad54900093a97be0d190cfaf72a53b1517a124c Miraielf mirai ua-wget
http://87.121.84.79/ppch64n/an/aelf ua-wget
http://87.121.84.79/ppc8adf00a7b5338d10d3ff26b62c316eb94630d156a37577304b42768e1a5ac952 Miraielf mirai ua-wget
http://87.121.84.79/mipsf95c9af2e7be1e2edc8d123e38a25fcbdd4eb1f159f918e1dc4bc55eaf0676f4 Miraielf mirai ua-wget
http://87.121.84.79/mipsel002bcdc0de4dd55ee92084bbd631d0e94055972a512668545cee1a2cc369f16b Miraielf mirai ua-wget
http://87.121.84.79/spppcn/an/aelf ua-wget
http://87.121.84.79/x868e3639760b99df53e460e2b3a0659117eb52fb6b11481c1aefd1b54745eb660d Miraielf mirai ua-wget
http://87.121.84.79/m68kd4b39a2508d321d19451fec03c2ab58c605901fe2af2f2314171303d49d13e8e Miraielf mirai ua-wget
http://87.121.84.79/i4864869a84ee81ee91a5bb0e04f5ad6ef7e421c9ffbff22298e93f2c28a80942d35 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
37
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox mirai
Link:
https://www.filescan.io/uploads/6920eff27d011c9c3a484489/reports/943fbc82-681f-4d27-a75c-26b2ae673a04/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-11-21T20:22:00Z UTC
Last seen:
2025-11-22T10:20:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/1aba3a627489e076551fecc0d150c9a43c142b1628204e8bdcbd9f2b5f7ce4e1/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f881e2f8-574b-41ff-8f72-d12f33656ec1
Behavior Graph:
Download SVG
%3
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/1aba3a627489e076551fecc0d150c9a43c142b1628204e8bdcbd9f2b5f7ce4e1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1aba3a627489e076551fecc0d150c9a43c142b1628204e8bdcbd9f2b5f7ce4e1/
Threat name:
Linux.Downloader.SAgnt
Create hunting rule
Status:
Malicious
First seen:
2025-11-21 23:04:21 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dk5duyturhqhmvi75tancugjuq6bikywfaqe5c64xwpswx344tqq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/251121-22dwbs1pfn/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.64
Link:
https://yomi.yoroi.company/submissions/1aba3a627489e076551fecc0d150c9a43c142b1628204e8bdcbd9f2b5f7ce4e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1aba3a627489e076551fecc0d150c9a43c142b1628204e8bdcbd9f2b5f7ce4e1

(this sample)

Mirai

elf 77d8bcafd55ab9b45f9a43e24267bdfbbe53b300995b8981f06494ff28c98f40

  
URLhaus
https://urlhaus.abuse.ch/url/3713740/
  
Delivery method
Distributed via web download
  
Dropping
MD5 fc7d9f63ff8580290e4c4cf108878174
  
Dropping
SHA256 77d8bcafd55ab9b45f9a43e24267bdfbbe53b300995b8981f06494ff28c98f40

Comments