MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4
SHA3-384 hash: a3fbdcc35badd3278a8b3df5b20b4a2173747b8d5337e7f9f7607a3f4cfae97c9d5d4c470e7db55c0c13c272f2d5f695
SHA1 hash: cac7b41c8b7d67f127673da79d4e21ec261f6fa7
MD5 hash: f326b5185f1671a67f4de9d9e7738b92
humanhash: virginia-delaware-blossom-social
File name:jack5tr.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'976 bytes
First seen:2026-02-25 20:44:09 UTC
Last seen:2026-02-26 07:47:59 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 24:vryd/sd/sg/szld/s7ZM/sXG/sHDD/s9IHZ/sJ/s7h/so/s+/sbyeH:vGGGnRG7tXREWHK62PJF
TLSH T14B41C4CA27D16435ACB69973F3BA0614358098C914F06E445AFD78F854ACD24BDD4EC3
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.116.52.44/x86c3ef7574153f0c3bf9dd4d75f4526b2f1600e7163c312eebc31090b2546dafcb Miraielf ua-wget
http://103.116.52.44/mipsb3a24cb6355026c0a5c8d0516bc9bfb0ece76a4870958277df2fd6aebcf97476 Miraielf ua-wget
http://103.116.52.44/arcn/an/aelf ua-wget
http://103.116.52.44/x86_6461a093eba0b6f69662b6c385ebbb3566f483d90a1000f27cc62674fa1cb67bc4 Miraielf ua-wget
http://103.116.52.44/mpsl035d44ff97ce79ee9847878983532ff0343188ab6c48e16b21a69ed154984f52 Miraielf ua-wget
http://103.116.52.44/arm4004df497ed5b01618e4cc6ae8004532f25418b116837f6df31cb73d4cd173b4 Miraielf ua-wget
http://103.116.52.44/arm57cdf9b7eb8e2e7d3348c078254983128382e292b94fc93ddc34ec57ff171b506 Miraielf ua-wget
http://103.116.52.44/arm660e246f7766e7a1cd0d9dd64af84c5510fdbd978377bb860909ee272f5a904cd Miraielf ua-wget
http://103.116.52.44/arm730c0498fd35cef1aff07d42d50219be22124dcf39eee05fa603f8cd1cdf6ed0f Miraielf ua-wget
http://103.116.52.44/ppc93d61719977e8fa9079eb13a5e3d6d15c0cce2a5209fbbb40c07433d5c9665f9 Miraielf ua-wget
http://103.116.52.44/spc268ca9e3b4cc912a7e177ff52c711398af1d926c31b28ba303ed72be15de1d45 Miraielf ua-wget
http://103.116.52.44/m68k176038a6d13f6de54a869aae84110b837d50f10439bbb4cd4041c4ef7e1a1797 Miraielf ua-wget
http://103.116.52.44/sh4284beacfb87f61dc15d3558bab24ffc9a07181d7345295f58e79080610452605 Miraielf ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
55
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
medusa mirai
Link:
https://www.filescan.io/uploads/699f5f2697feb4afd65af57f/reports/e0c06e77-e140-4492-89f1-1b89e00af6f1/overview
Result
Gathering data
Verdict:
Malicious
File Type:
unix shell
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4
Threat name:
Linux.Downloader.Morila
Create hunting rule
Status:
Malicious
First seen:
2026-02-25 20:44:24 UTC
File Type:
Text (Shell)
AV detection:
22 of 36 (61.11%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eo2kwnk2jbolp5rg6xq7dc6xlauipzb42uorznejtm4zgokw37ca._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai antivm botnet defense_evasion discovery linux
Link:
https://tria.ge/reports/260225-zja1lsfs6b/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (413889) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction:
botnet.domain.com
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 23b4ab355a485cb7f626f5e1f18bd7582887e43cd51d1cb4899b39933956dfc4

(this sample)

Mirai

elf c3ef7574153f0c3bf9dd4d75f4526b2f1600e7163c312eebc31090b2546dafcb

  
URLhaus
https://urlhaus.abuse.ch/url/3779631/
  
Delivery method
Distributed via web download
  
Dropping
MD5 8076e5367e53a39c5b29585367850e4b
  
Dropping
SHA256 c3ef7574153f0c3bf9dd4d75f4526b2f1600e7163c312eebc31090b2546dafcb

Comments