MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e8b358f92c7da97b85d0c82c0819b034f78b00f5bf90433e97b6878cf53ae70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 3e8b358f92c7da97b85d0c82c0819b034f78b00f5bf90433e97b6878cf53ae70
SHA3-384 hash: 0cab41ee53dcbfb80dceec590bfcbe0ab2d06ba50359af6a6472842af1497bde988b774ebc19020e3b31f02494eb7583
SHA1 hash: 9894bf52ba5ca68212926a3feac26a961fb0e940
MD5 hash: 8eb345749d53d5ae47c618a4602c614d
humanhash: blossom-potato-butter-saturn
File name: payload.sh
Signature: Mirai
File size: 1'243 bytes
First seen: 2025-08-14 12:35:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:oAXE7AyIAYB2AWq61AezUA268TA8UAdyAKRWKRhRTAkeAtqN:oAXaAyIAYB2AZ61AezUA268TA8UAdyA3
TLSH: T10821EECD3011A651D733D9963A7AE584D29AC9E173C63F1294F40BB2C8FB8147E16ED4
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE

Vendor Threat Intelligence
Threat name: Linux.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-13 23:37:47 UTC
File Type: Text (Shell)
AV detection: 20 of 38 (52.63%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3e8b358f92c7da97b85d0c82c0819b034f78b00f5bf90433e97b6878cf53ae70

(this sample)

  
Delivery method: Distributed via web download
