MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ba96c2a19309a80ebbf1dc3f92b01c960142bab956d2b43cabd5b1a82460b83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

SHA256 hash: 1ba96c2a19309a80ebbf1dc3f92b01c960142bab956d2b43cabd5b1a82460b83
SHA3-384 hash: b0bfa4a18535dfd686c1bf1be5f8c5793f5ef68547c0f457084c4a0ce7a4623dcc3263104874979322f1a90559acfca6
SHA1 hash: f70e2d2eec69e88c97a19ca83878154a3db97c0d
MD5 hash: cc2b722c7b34425da3073854cdfd09f5
humanhash: sink-mockingbird-indigo-lion
File name: wget.sh
Signature: Mirai
File size: 814 bytes
First seen: 2026-01-07 15:34:12 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:Fqj+2+FNI1FA+WiKT+piFq+Pton+zn+ih+ZxGJv0j+mA+xXAO:AyNITKJ7HWH
TLSH: T159019B9E0174E3154618CE00705EDB18BA469AC1B2F4CFC4D885AA7BACDED11725CF8F
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2026-01-07T12:41:00Z UTC
Last seen: 2026-01-09T11:10:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a, HEUR:Backdoor.Linux.Mirai.hv, HEUR:Backdoor.Linux.Mirai.h, HEUR:Backdoor.Linux.Mirai.cw, HEUR:Backdoor.Linux.Mirai.b
Status: terminated
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2026-01-07 15:35:19 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: 1ba96c2a19309a80ebbf1dc3f92b01c960142bab956d2b43cabd5b1a82460b83 (this sample)

Delivery method
Distributed via web download