MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26ab4e7e42643b8ef4b2ca429a8f2acd8cca05e54952d9092c4521d23fc0b114. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 26ab4e7e42643b8ef4b2ca429a8f2acd8cca05e54952d9092c4521d23fc0b114
SHA3-384 hash: de1b4e30327c527669f262f2e48759b6b150ca9e28b167bb0b2e18589214eaf05deb1223a15f0be113dfa7d138d39cc6
SHA1 hash: 2f9e67dcfb929225871544c7c1384fa21ec06030
MD5 hash: ccd00817818f3824859c35979c9f4287
humanhash: cup-eighteen-july-saturn
File name: jack5tr.sh
Signature: Mirai
File size: 2'223 bytes
First seen: 2025-08-15 07:14:22 UTC
Last seen: 2025-08-15 20:21:11 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:v2JG69buPFapygG8/QGsRa/mzKSFoPqGeAIzs:v2JG69bauygGuQGsRa/m+SFoPqGeAIw
TLSH: T1D541C4C6314205782CFA9AABF1B6091474A0D46620D4BFC04BDDBDE54C4DE9C3F89B46
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-08-15 07:14:33 UTC
File Type: Text (Shell)
AV detection: 23 of 38 (60.53%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Traces itself
Mirai
Mirai family
Malware Config
C2 Extraction: botnetszx.duckdns.org
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 26ab4e7e42643b8ef4b2ca429a8f2acd8cca05e54952d9092c4521d23fc0b114

(this sample)

Delivery method: Distributed via web download
