MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ea382e20ccd7f1909e432fecf9ce41594a3a49e9a1a692433a982d2a778312b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments

SHA256 hash: 2ea382e20ccd7f1909e432fecf9ce41594a3a49e9a1a692433a982d2a778312b
SHA3-384 hash: 50296f5edbffa76409fe1a5db8b4905e7fc69cfa143dc2770f071064cae288be1c30aa14ff807fb78e5eea6d8371c639
SHA1 hash: 5632776e1f14abdeb2cf348e14fc5c47e3e224c7
MD5 hash: 837e17f7f0c271785f3cec21142334e2
humanhash: florida-march-saturn-avocado
File name:adb.sh
Download: download sample
Signature Mirai
File size:1'914 bytes
First seen:2026-06-22 04:47:29 UTC
Last seen:2026-06-22 22:31:40 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 48:a7l1WcWh0GOlQVUR/Th/TG0vHV1EwkjrWxKZdFx3tnIEucsn:a7fWVh0GOlQVUR/l/awHV1E5jrWxKZd+
TLSH T11C410BD6200107E64F1BCD68FEAA5CDD460E41EEB25B8675CBC0C829F85C6283CB5A86
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://64.89.162.139/nz/nz.x86c544eee59638d1d3441f2626e2023dfc92c7c44ed88bdb08bef0ea097eb8728f Miraielf mirai opendir ua-wget x86
http://64.89.162.139/nz/nz.mipsecd77437663c82b46b518c398a5dbe2c41c132822aa1d1a6c0fa8b3a94e32707 Miraielf mips mirai opendir ua-wget
http://64.89.162.139/nz/nz.arcb6879f66c164afdb98d084b660bcf9e2297d70c1fe616007da9538f5d48cd6b2 Miraiarc elf mirai opendir ua-wget
http://64.89.162.139/nz/nz.i468n/an/aelf ua-wget
http://64.89.162.139/nz/nz.i686e79f3b7ebc19d82946535e4521866d5658ef41111c9bc162330c470b19680877 Miraielf mirai opendir ua-wget x86
http://64.89.162.139/nz/nz.x86_64800ffd8e69478a788f8c22cb7b7968e63ab7b460d6d88fdab8a9f5d49766efcf Miraielf mirai opendir ua-wget x86
http://64.89.162.139/nz/nz.mpsl416cb81120c61d0727cd1920a83513c3c46b5e36dac19db7b2137a5024730bc4 Miraielf mips mirai opendir ua-wget
http://64.89.162.139/nz/nz.arm7b81b5ac951a02eefd5e0e401aabc2bb463365ed69dbd862c719bcb28646b33e Miraiarm elf mirai opendir ua-wget
http://64.89.162.139/nz/nz.arm586279b40d44922be8ab094828cd4a18bc74fbb8f45f0573bccc89890ae2f110f Miraiarm elf mirai opendir ua-wget
http://64.89.162.139/nz/nz.arm6bf24bb11d0dbdacf7e077a68f9db56e563a2c32287194f7c63c7f1a061aa177a Miraiarm elf mirai opendir ua-wget
http://64.89.162.139/nz/nz.arm758401f02567784b8db27ca0b0c2d01fc037c1b7c02ed269ce0d446eeda1aebbb Miraiarm elf mirai opendir ua-wget
http://64.89.162.139/nz/nz.ppc85d2eac1764a73f08fada318703215b8958d59226c7adb1832f15922f2ad3c2d Miraielf mirai opendir PowerPC ua-wget
http://64.89.162.139/nz/nz.spc0c5636e105c7572c4a64c6aef2564f67304f5d8c17b466d2ad7bc630d0a65956 Miraielf mirai opendir sparc ua-wget
http://64.89.162.139/nz/nz.m68k7ca44fd4dafbab0d887e95504b9ee69f0ba2b9fad8d9e656917557980d681532 Miraielf m68k mirai opendir ua-wget
http://64.89.162.139/nz/nz.sh4e8f4b4cd88fa898539e4ccc2c2de14df5bdc78b5e2dae1053725574169dfaa68 Miraielf mirai opendir SuperH ua-wget

Intelligence


File Origin
# of uploads :
2
# of downloads :
75
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-06-22T01:54:00Z UTC
Last seen:
2026-06-23T23:27:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Threat name:
Linux.Trojan.Vigorf
Status:
Malicious
First seen:
2026-06-22 04:48:27 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Author:abuse.ch
Description:Detects suspicious Linux bash scripts
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2ea382e20ccd7f1909e432fecf9ce41594a3a49e9a1a692433a982d2a778312b

(this sample)

  
Delivery method
Distributed via web download

Comments