MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c9e24d178a1a542f37d7b1e4c4b4d74eff40929bd402ed006b8552357ecc2aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c9e24d178a1a542f37d7b1e4c4b4d74eff40929bd402ed006b8552357ecc2aa
SHA3-384 hash: a2fd3f4673e88ac5af9adfe107381fbe2ef93dd83ccd7c96702ba234e09ad0ff20d741c4f92b681634ff62a3a89ddd24
SHA1 hash: 557a7b44d7024971da1ed2b15ca2149657c498fb
MD5 hash: 5e9d65c17bc900d4574d9c9a5c08adcf
humanhash: jersey-stream-east-bulldog
File name:sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'432 bytes
First seen:2026-05-25 16:52:24 UTC
Last seen:2026-05-25 19:14:52 UTC
File type: sh
MIME type:text/plain
ssdeep 24:vPPuwy7wLNIW6wEzKwwgBw9HvYwAyWjwBMKPhyiLNIW1EzKTgo9HHjAyWaBMA:XqGAzPuHFNjIMaz5oHnbl
TLSH T1492129AD5C32D4FB9E099A41B1636406D14FE0F55378C228E8490D23A4AFF316D26AF9
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://85.239.151.41/gbhnj.armd7e7a36a49d4f9dc77413f69310c572c09523167e45d6ad0de0a2d449a28cd7d Miraiarm elf mirai opendir ua-wget
http://85.239.151.41/gbhnj.arm5ede275f0c055a98c48b1c89ad5df875296136b4472659ca74f68137b986c60e0 Miraiarm elf mirai opendir ua-wget
http://85.239.151.41/gbhnj.arm64002173ecdb571c78392c5d7f541d29da96b2b5e439b506b1524975b69eb7e7e Miraiarm elf mirai opendir ua-wget
http://85.239.151.41/gbhnj.arm7599163df3c7bfa0e5495a557fab7e27ae27f701d500c7a0d3e641c0a5d39b56d Miraiarm elf mirai opendir ua-wget
http://85.239.151.41/gbhnj.mips23569d2456ed3c7b435647eaa5ac12aa797eba408cbfbca57d5f61af45d713eb Miraielf mips mirai opendir ua-wget
http://85.239.151.41/gbhnj.mpsl513574a81074cd82b3a9f87d0c8c4fb2a4c99f4db44e14b1f4fa8413f2ad0577 Miraielf mips mirai opendir ua-wget
http://85.239.151.41/gbhnj.x86bdfb82c74f3b88c66a03c49e53eb74117025fab26adceffe483019973dd2f619 Miraielf mirai opendir ua-wget x86
http://85.239.151.41/gbhnj.arcb35229df8a3fa6327897e9269db8e7e59bfe9cea7e6f11eeb32a3d6decf1c937 Miraiarc elf mirai opendir ua-wget

Intelligence

File Origin
# of uploads :
108
# of downloads :
11
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6a14a007861ee596e64b2ac2/reports/6bcb0ccd-0b63-4ff6-a73b-65094f981163/overview
Verdict:
Malicious
File Type:
text
First seen:
2026-05-25T14:11:00Z UTC
Last seen:
2026-05-27T01:42:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/3c9e24d178a1a542f37d7b1e4c4b4d74eff40929bd402ed006b8552357ecc2aa/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/3c9e24d178a1a542f37d7b1e4c4b4d74eff40929bd402ed006b8552357ecc2aa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c9e24d178a1a542f37d7b1e4c4b4d74eff40929bd402ed006b8552357ecc2aa/
Threat name:
Script-Shell.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-05-25 18:36:49 UTC
File Type:
Text (Shell)
AV detection:
10 of 24 (41.67%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hspcjulyugsuf435pmpeys2notx7icjjxvac5uagxbksgv7mykva._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260525-xyzleahy8w/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3c9e24d178a1a542f37d7b1e4c4b4d74eff40929bd402ed006b8552357ecc2aa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3c9e24d178a1a542f37d7b1e4c4b4d74eff40929bd402ed006b8552357ecc2aa

(this sample)

Mirai

elf d7e7a36a49d4f9dc77413f69310c572c09523167e45d6ad0de0a2d449a28cd7d

  
URLhaus
https://urlhaus.abuse.ch/url/3852981/
  
Delivery method
Distributed via web download
  
Dropping
MD5 3dc77c4ec6c029c58c4a27d5efe5183a
  
Dropping
SHA256 d7e7a36a49d4f9dc77413f69310c572c09523167e45d6ad0de0a2d449a28cd7d

Comments