MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2357a7b358526d1ebbfb32b9dbed353645824a2aecda317ff599106824fa94a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	2357a7b358526d1ebbfb32b9dbed353645824a2aecda317ff599106824fa94a3
SHA3-384 hash:	4d605fb04266750f858a7be19d01e9d53d22366285dfd22dce18944dae54545fe8da9c86855fcf81282b38140acb8203
SHA1 hash:	877000c837842c5f247eba608925fbe6b10cd362
MD5 hash:	a676e9d696d8d2db0eda1fba0f93ad7b
humanhash:	bluebird-zebra-three-yellow
File name:	cat.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'692 bytes
First seen:	2025-07-21 16:55:33 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:ofmdtioNaKE6bODOMkTfwf1J1at1vLB6jt577ZhZLBSCBwVKSuAFyhyZCe:ofqpFUDRP8ejtxZhZBy
TLSH	T1373142CD71E09153E540CE10F271454FB3AF6EC9A2B48E20E4833C2AD49A952FC3DAA7
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://89.116.20.194:81/x86_64	e25cb6a0329ab4129928491c960a9b6c42f42cf3bb6d1b89485217dd6f7d705a	Mirai	elf mirai ua-wget
http://89.116.20.194:81/aarch64	148368c139656907c8f6b266d81bcdc3b3319441f9988e9ef0f6e3350e726e59	Mirai	elf mirai ua-wget
http://89.116.20.194:81/m68k	7530b99c41379554d302646138d991d40ad2ffff31bceaf04493745bb1cde170	Mirai	elf mirai ua-wget
http://89.116.20.194:81/mips	83bd516969f81d470c869f68fee62897f9da0ec9a278e60d8a0c0b45461e5eaa	Mirai	elf mirai ua-wget
http://89.116.20.194:81/mipsel	a270f9fb39eb9caa67daf5557ef8f9c39e8dccdef8a60f41d34aec9b0ee251b7	Mirai	elf mirai ua-wget
http://89.116.20.194:81/powerpc	14a6adf2607a29cfeaff0e65612e1bfd5220c15bfb90edb3058cb6f5b9f61a06	Mirai	elf mirai ua-wget
http://89.116.20.194:81/sparc	3c4d721eeb1a3ef68e983bcf20db27d01ded9a90eb12cb4ef358b89b4a1cc2ab	Mirai	elf mirai ua-wget
http://89.116.20.194:81/sh4	42c8c3d999658ef740caabf3dbb91d3a6af70514740a7d36600e3dd4e001da48	Mirai	elf mirai ua-wget
http://89.116.20.194:81/arc	6862040c524ed7a5c79b2c2e64f194537b5fa38ed18c8cecbb60bbb4c7eb8b76	Mirai	elf mirai ua-wget
http://89.116.20.194:81/i486	796b967b81a51130d6f47328b2219861690c752be963d1a51be01595737a4f6d	Mirai	elf mirai ua-wget
http://89.116.20.194:81/armv4l	5ad2f330adc43117af5dba048185f94ebae7f4a49c89c04cb7263ec048534fec	Mirai	elf gafgyt mirai ua-wget
http://89.116.20.194:81/armv5l	4f586b94ffdd1276d511378c0d2806ee203190b22c39065f236df3194ef9a66d	Mirai	elf gafgyt mirai ua-wget
http://89.116.20.194:81/armv6l	2af131ebd0b08f6ee4fa518e41d5a513e8b16301d4a9e54e5da46680242703a5	Mirai	elf mirai ua-wget
http://89.116.20.194:81/armv7l	6f7a57d7a8935f0bfa58c74e65b796c27dff7608d7253d06ea00719fd06f6694	Mirai	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/0aee1e09-0169-4b97-bc01-9e6eb9368176

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/2357a7b358526d1ebbfb32b9dbed353645824a2aecda317ff599106824fa94a3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2357a7b358526d1ebbfb32b9dbed353645824a2aecda317ff599106824fa94a3/

Verdict:

Malicious

Threat:

HEUR:Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/2357a7b358526d1ebbfb32b9dbed353645824a2aecda317ff599106824fa94a3

Threat name:

Document-HTML.Trojan.Multiverze

Status:

Malicious

First seen:

2025-07-21 16:56:21 UTC

File Type:

Text (Shell)

AV detection:

12 of 23 (52.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=enl2pm2ykjwr5o73gk45x3jvgzcyesrk5tndc77vteigqjh2ssrq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

defense_evasion discovery linux persistence

Link:

https://tria.ge/reports/250721-vffdpscl9s/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Enumerates running processes

Modifies init.d

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.34

Link:

https://yomi.yoroi.company/submissions/2357a7b358526d1ebbfb32b9dbed353645824a2aecda317ff599106824fa94a3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2357a7b358526d1ebbfb32b9dbed353645824a2aecda317ff599106824fa94a3

(this sample)

Mirai

elf d9620dcfc4f10d7df37fe6a305bbfb0c8cd638e9665dee16e887eb8e1cccf670

URLhaus

https://urlhaus.abuse.ch/url/3586951/

Delivery method

Distributed via web download

Dropping

MD5 ed0faf89fa4d35bcf00539583fa8475e

Dropping

SHA256 d9620dcfc4f10d7df37fe6a305bbfb0c8cd638e9665dee16e887eb8e1cccf670

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample