MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 209b8b29b983dcad273c950ec4c6d7ca55ffa6a6763fd887d881be49da3acf3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 209b8b29b983dcad273c950ec4c6d7ca55ffa6a6763fd887d881be49da3acf3e
SHA3-384 hash: f86469f452f480cea574a565b0def2991e8f86197a9e4e16f0948a2ba55ba747717fd93b4847c983e533209227a18721
SHA1 hash: b94dc3d5186d63266e9a4c18fcd2483430d78aea
MD5 hash: cbeaf840fe4661cb8e5585cc0c7c2941
humanhash: gee-november-romeo-salami
File name: 1.sh
Signature: Mirai
File size: 6'329 bytes
First seen: 2025-10-31 22:05:15 UTC
Last seen: 2025-11-02 09:58:43 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 192:kD3mBNkOBqYBp83rQC12MGk7sSagnA+bPOZ1bPOZ1CofI2dNwD/8Gpig2Ur8CpxA:kD3mBNkOBqYBp83rQC12MGk7sSagnA+z
TLSH: T167D112F2B4C552BCDD9FC87A51642A7E118AB98B2A874D6487ED30657C89FCC1C419C3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 38
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-10-31T19:21:00Z UTC
Last seen: 2025-11-02T04:39:00Z UTC
Hits: ~100
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-10-31 22:08:36 UTC
File Type: Text (Shell)
AV detection: 17 of 38 (44.74%)
Threat level: 2/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
Deletes log files
Enumerates running processes
File and Directory Permissions Modification
Deletes Audit logs
Deletes journal logs
Deletes system logs
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
ewwfwedd.ooguy.com
adsdadadad.ddnsgeek.com
asdkdakd.kozow.com
1saadqdwdqd.camdvr.org
sdsksdkldsd.accesscam.org
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 209b8b29b983dcad273c950ec4c6d7ca55ffa6a6763fd887d881be49da3acf3e

(this sample)
