MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 574be5d877760c0abf099182981936772f0c22d976acbb134b2d0dcf6d7ae00a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 574be5d877760c0abf099182981936772f0c22d976acbb134b2d0dcf6d7ae00a
SHA3-384 hash: a13d0348b095bc2f3ad908408fb6980fc283bd8ccd881b27badfa2406cfd60bb0783e7f23c8c99a162e7874c5c17bc40
SHA1 hash: 04071febe2dc17e366a5967264c92ece56cb2e2d
MD5 hash: cc669ef227f5f5415e1b3899cbf63e97
humanhash: chicken-ink-oxygen-happy
File name: sensi.sh
Signature: Mirai
File size: 1'763 bytes
First seen: 2025-09-22 12:04:05 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vEpUMiUemOKWUpXAUBUId3bU3UhUbmUGMn:vEpUrUeVKWUpXAUBUgrU3UhUaUtn
TLSH: T1DC31A2CA60A3933E2D959B9771E88567B3D1D04A60FD6F01E9E87BA4C88CF103040E63
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-22T03:20:00Z UTC
Last seen: 2025-09-22T03:20:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-09-22 09:04:16 UTC
File Type: Text (Shell)
AV detection: 23 of 38 (60.53%)
Threat level: 3/5
Result
Malware family: redline
Score: 10/10
Tags: family:mirai family:redline botnet:lzrd antivm botnet defense_evasion discovery infostealer linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
Reads system network configuration
UPX packed file
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (190926) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
RedLine
Redline family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
