MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 388f3f81a9cff7ce1a1f5c1d681329dc0d1374a415759ba64ddb00e1d1f54b46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 388f3f81a9cff7ce1a1f5c1d681329dc0d1374a415759ba64ddb00e1d1f54b46
SHA3-384 hash: 5e972c20790f5e809ee730fa15b6c08ae5f3cb64d370b4ddacec728108a45f534755c3d74c34c34c35f1bf33338d8fc6
SHA1 hash: fab8562ee856c7aa665d54c5e4135908d7b1626b
MD5 hash: aba76bad8ab0e1818f993a1fc1c92562
humanhash: green-skylark-moon-hot
File name: jack5tr.sh
Signature: Mirai
File size: 1'976 bytes
First seen: 2025-06-21 19:51:27 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vfyd/sN/sk/s7ld/s8anlM/syWfG/sPzD/sFMHZ/sJ/szh/sgsk/s2w6/sDieH:vKG2z5GzB7RcCHK6egsz2w9F
TLSH: T1134154CE21B147712CA6DD6BF3BE051C7581988518D0EED45CEC79FC648CF047194A43
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 113
Origin country: DE
Vendor Threat Intelligence
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-06-21 19:52:31 UTC
File Type: Text (Shell)
AV detection: 23 of 38 (60.53%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (165731) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction: mdnsucchim.ddns.net
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments