MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20e42e79b44093c832c665d7321d89a45d6b580c58771bd2794721e5812306db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20e42e79b44093c832c665d7321d89a45d6b580c58771bd2794721e5812306db
SHA3-384 hash: e301530a511350dabe8b12753537f5bbedebe1fe4318796b9e4b3cbb8ff786c118de985695665b76e1ce0460a1f7f909
SHA1 hash: 296e6c2635d73f80a4570572d7931142952f8445
MD5 hash: 1001553eb864669e320c3ddf28f9eb43
humanhash: eighteen-fillet-mars-maryland
File name:cat.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'680 bytes
First seen:2025-08-14 06:50:59 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:jcDu/4Z9kUGMffcf/za/ufUPZdswYgZCaMD929NQp:ivEmZr2N4y
TLSH T1D43144CDF361DED2C642CEA0B871D3C493AD96CA2A92CB34E44A1C69DC5E9407C35725
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://87.248.150.68:83/x86_64ba94cc3a52c4c22fd41d6560e76de38c9f4dc23556d08324e3a36636b207a83c Miraielf mirai ua-wget
http://87.248.150.68:83/aarch64eca06d83a2394126e886631634305ab4a5b4525c6fc62271c5574ea8b7208837 Miraielf mirai ua-wget
http://87.248.150.68:83/m68kc549ee8f3adcebf73cb210176052aab4cd89eb4cd935688dff2c01b03ed7d554 Miraielf mirai ua-wget
http://87.248.150.68:83/mips4c31553e32259787287f685cf90b661a41c6fca534cd2d3df2d8cbdfce98a7b2 Miraielf geofenced mips mirai ua-wget USA
http://87.248.150.68:83/mipsel55a408bf4c1a1602404b7a14dc391da30c3ab5e3263f816ffa700a7e12ac5f6a Miraielf geofenced mips mirai ua-wget USA
http://87.248.150.68:83/powerpc5f213d7a0b57184eab74100cf4696ad2cd9a96ca42a94f3d926654534f44ef78 Miraielf mirai ua-wget
http://87.248.150.68:83/sparca269ab4064e830d26775745e24c7bd1f365977ce7e6a4db5b6fa08955afc9a1c Miraielf mirai ua-wget
http://87.248.150.68:83/sh4a9464ea2abb53e2a67eb7c49daa39628909ba8e1d9134c245e29ad2fa81ed2ab Miraielf mirai ua-wget
http://87.248.150.68:83/arcb02922859b7879b3e17d89e0913dd525ceb241ec0601e89e015c35b7d1fd9ef4 Miraielf mirai ua-wget
http://87.248.150.68:83/i486a366d17645f3fbe651c3c14ec83b0027897a46cd5dc7ec24c62a0addf92b08c5 Miraielf mirai ua-wget
http://87.248.150.68:83/armv4ld49cd2aae04c2cdea6a236a1cda14a35107b69b4f767b65cd9349d7fa3bb4c8b Miraielf mirai ua-wget
http://87.248.150.68:83/armv5lfbf3fdd467d0d6f1ed08999e9bf419fb7a6bf20e160c891da9335f7f5b224a8c Miraielf mirai ua-wget
http://87.248.150.68:83/armv6l8db7282427298887b5b1d55f5d032d91531e969d2d0b484477f42153bd5c72f6 Miraielf mirai ua-wget
http://87.248.150.68:83/armv7l0ecda603c0897934aba4639459793e423d4f75f6af466f71327f72142a0ab8d4 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
29
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.DownLoader.683.14280.9407.UNOFFICIAL
Create hunting rule

Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/20e42e79b44093c832c665d7321d89a45d6b580c58771bd2794721e5812306db
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/20e42e79b44093c832c665d7321d89a45d6b580c58771bd2794721e5812306db/
Verdict:
Malicious
Threat:
HEUR:Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/20e42e79b44093c832c665d7321d89a45d6b580c58771bd2794721e5812306db
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-08-14 00:04:04 UTC
File Type:
Text (Shell)
AV detection:
15 of 38 (39.47%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=edsc46nuicj4qmwgmxltehmjurowwwamlb3rxutzi4q6lajda3nq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
linux
Link:
https://tria.ge/reports/250814-hmsw6azkx6/
Behaviour
Writes file to tmp directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.34
Link:
https://yomi.yoroi.company/submissions/20e42e79b44093c832c665d7321d89a45d6b580c58771bd2794721e5812306db

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 20e42e79b44093c832c665d7321d89a45d6b580c58771bd2794721e5812306db

(this sample)

Mirai

elf ba94cc3a52c4c22fd41d6560e76de38c9f4dc23556d08324e3a36636b207a83c

  
URLhaus
https://urlhaus.abuse.ch/url/3602375/
  
Delivery method
Distributed via web download
  
Dropping
MD5 ea0334234022f7ebc1940c5cdb4a6d92
  
Dropping
SHA256 ba94cc3a52c4c22fd41d6560e76de38c9f4dc23556d08324e3a36636b207a83c
  
URLhaus
https://urlhaus.abuse.ch/url/3603025/
  
URLhaus
https://urlhaus.abuse.ch/url/3603031/

Comments