MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38ad9d1582cf2b6c741bd87de6bd03adf21fa4ce1283587054f8aa831bd4d14a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 38ad9d1582cf2b6c741bd87de6bd03adf21fa4ce1283587054f8aa831bd4d14a
SHA3-384 hash: ca424c66c709151f03ad533b799ce94f3c8396208c55594f3fdbfac9725618cab346c9b490b595ea377f8538047f1fa6
SHA1 hash: 666e97517cb64e14ed827c72cff3bfc9f8548eca
MD5 hash: 53b52a8307640fd4aa0e995673924e82
humanhash: blossom-enemy-emma-speaker
File name: cnVu.sh
Signature: Mirai
File size: 1'693 bytes
First seen: 2026-03-01 07:44:32 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:Dz5PgNIWZIKtGnGXFHIHzcFUPikBruuDVZny:hDGiQFUPBUuO
TLSH: T1A3310197501CD7128654CFD7F378800CC46DB4D564E2EF7EDCBD0E6988AE0443966B81
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Result
Gathering data
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Trojan.Geninst
Status: Malicious
First seen: 2026-02-27 04:58:14 UTC
File Type: Text (Shell)
AV detection: 13 of 36 (36.11%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
