MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20267b5829c69e1b3e41c0e7920c9542126bbcca98dd42937e5c23d1ce071650. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 6



SHA256 hash: 20267b5829c69e1b3e41c0e7920c9542126bbcca98dd42937e5c23d1ce071650
SHA3-384 hash: da50096c008b9bc25dc07f9e9c0571d387e6b6e6ec00660aae5c54f77696ecf280d9cf52f58f91db5693a03d843f27ef
SHA1 hash: 01f133edfc71234d793a8d11ca7580d197b15f84
MD5 hash: 65d6f499200b2a9712a600acffd00d86
humanhash: freddie-bakerloo-nine-hotel
File name: iot.sh
Signature: Mirai
File size: 250 bytes
First seen: 2025-09-17 15:17:32 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:GRFSdkCGN3zSICLKijLEYmC8SdoU7GBzSEyLTUW45XSdooBzSE8eU2QIPARFSd9e:SSta0LKi+SwIGXShHQxFSDdhanICTn
TLSH: T171D05B8D61712FB18410EECC75674965510BC7CDF4581F1EE44888378098931F594FC7
Magika: batch
Reporter: abuse_ch
Tags: sh

URLs referenced by this sample, with the malware sample each one delivered:

URL | Malware sample (SHA256 hash) | Signature | Tags
http://64.188.8.180/arm7 | 527debaef309134677a1c3a450dc5aea1f3a2a6f742fad86a20c80274c749630 | Mirai | elf mirai ua-wget
http://64.188.8.180/mips | dc49d000be3daa749c372da39aad50bc49e8d944c7c868fb70b7d15e159d79d3 | Mirai | elf mirai ua-wget
http://64.188.8.180/mpsl | c5da1b833565988e4bb1729244b07d55ff21148392a7143ff5aab70f43788d6b | Mirai | elf mirai ua-wget
http://64.188.8.180/x86 | d167fe5abe306825e029bd799bb645048ccae15dca31ea4ac9fcb8b416142a3a | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-17T12:52:00Z UTC
Last seen: 2025-09-17T12:52:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph rendering; node guuid identifiers dropped):
/usr/bin/sudo (pid 3454)
  -> execve /tmp/sample.bin (pid 3462)
     -> execve /usr/bin/wget (pids 3463, 3526, 3592, 3669; net, send-data, write-file): each sends 131B (the last 130B) to 64.188.8.180:80
     -> execve /usr/bin/chmod (pids 3518, 3585, 3664, 3695)
     -> clone /usr/bin/dash (pids 3520, 3588, 3665)
     -> execve /home/sandbox/x86 (pid 3696; net): connects to 8.8.8.8:53
        -> clone /home/sandbox/x86 (pid 3758)
        -> clone /home/sandbox/x86 (pid 3759; net, send-data, zombie): connects to 8.8.8.8:53 and sends 47B to 87.121.84.117:61459
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-09-17 14:57:06 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: Mirai
Sample: sh 20267b5829c69e1b3e41c0e7920c9542126bbcca98dd42937e5c23d1ce071650 (this sample)

Comments