MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36366f89feda31d7037b9e78798229ab3e284c620bce32c4bc49b71f4d09f828. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 36366f89feda31d7037b9e78798229ab3e284c620bce32c4bc49b71f4d09f828
SHA3-384 hash: fca783a7659a5366658662158bb855ede0cc8acfcb111f211ceb79a2f909d8dd6c80437d9c479042ba5e571842a7a01c
SHA1 hash: 5906efa26c32078cfd0705d60deb95f63ea58f0f
MD5 hash: 46b93daddf1ecac2229de53036bc6c39
humanhash: ceiling-uniform-asparagus-sixteen
File name: lil.sh
Signature: Mirai
File size: 961 bytes
First seen: 2025-04-01 16:36:45 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:A5WejSWWI204SWgSWSSWRSWJHQSWvoSWbzSWASWiSWXmSWmv:gfjS6Z4SlS3S6SIQSioSOzSZSZSFSLv
TLSH: T17C11308E5172B0018B94DF103192DAC9A119C3C1B6555F6AFE992FB6EAC4A0078BDF4A
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 108
Origin country: DE

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-03-30 14:46:37 UTC
File Type: Text (Shell)
AV detection: 7 of 36 (19.44%)
Threat level: 2/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download