MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b81441b82ef7b5f91b26dc488e048d19e056855a1058df6acdc8ff7fa078b32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 1b81441b82ef7b5f91b26dc488e048d19e056855a1058df6acdc8ff7fa078b32
SHA3-384 hash: 4e4ad13e0f5c71f84ab5280570f38fb16c9139ff53fd64d0e9d4e1db26f5cef516a6e99954e15c80905631e93ed14a1a
SHA1 hash: 94fac6ad34c81d9305bb03d398a8f6855106ef8e
MD5 hash: 2abe4731615b3c32110c2cb056dd4d26
humanhash: mirror-lithium-lima-four
File name: 76d32be0.sh
Signature: Mirai
File size: 2'027 bytes
First seen: 2026-01-15 12:09:51 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:vd1WQ1d+jwQ1dCOCRQ1dk0Q1dB0Q1do8Q1ddkQ1dmwZQ1dsr7sQ1dnXKQ1dNvOTh:v1OpU3MXBYOruV
TLSH T1724115CA21558F303CEE589BBFFA5C4A74D0A09B9DC12E1159E834E9448DF083F89A93
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: medusa mirai
Result
Gathering data
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2026-01-15 12:04:23 UTC
File Type: Text (Shell)
AV detection: 21 of 36 (58.33%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:hajimari antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (385319) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1b81441b82ef7b5f91b26dc488e048d19e056855a1058df6acdc8ff7fa078b32

(this sample)

Delivery method: Distributed via web download
