MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5deab45dd3bb8b7db10e85e7a941b428edeb251f204be584992d14a245ff43d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	5deab45dd3bb8b7db10e85e7a941b428edeb251f204be584992d14a245ff43d2
SHA3-384 hash:	25a2c162f12794bb8ddd0a3cd00fe53ae18138b0419a9ff47e069ff0c6822169722c4026cbd55f1c3ee5e6099e648a90
SHA1 hash:	9d046f42fb14be440a561827e8f3c87d716b37da
MD5 hash:	0599f734ecc5d30b8c22285722fae4e5
humanhash:	saturn-oven-early-cold
File name:	bins.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'034 bytes
First seen:	2025-10-19 20:41:17 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:nvoNQZNC4ifN+q+D+4+Etk+kl+/J3+C/+S+Vz+c+r/X:64E+q+D+4+E++kl+/h+E+S+N+c+L
TLSH	T1A211E7CD1020A33A0C8CED6EB57242252553D5E666620B39B7C428325684A5CFCF8F8D
Magika	shell
Reporter	juroots
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://192.142.10.111/d/xd.x86	1565b1d1021e463b4405a5a73408f52039651c0b8ff17a6ded591aad2012e5ef	Mirai	elf geofenced mirai opendir ua-wget USA x86
http://192.142.10.111/d/xd.mips	1450edb85addb9d3b48f93b5350bf2fb22f980a569bf2400e6d1f0ed6125d790	Mirai	mirai opendir
http://192.142.10.111/d/xd.mpsl	a2d1925fc5c2e1c28ad5940c6ba68b8998cd4481c1ab909b29a4466333f7d974	Mirai	mirai opendir
http://192.142.10.111/d/xd.arm	435ca810ac4e8c89c3f15e4ce14025bc8016ec51e651cefd837bd57dcedcec4c	Mirai	mirai opendir
http://192.142.10.111/d/xd.arm5	n/a	n/a	opendir
http://192.142.10.111/d/xd.arm6	668903f42b20252c70ffab1c3c4888af899b2fb1548e1ac0f8d4b66e5a8b249a	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://192.142.10.111/d/xd.arm7	86dddfce5fd50817a1057781d87bfe7883978a06b4dd9b9e67e5559db253b358	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://192.142.10.111/d/xd.ppc	0813a3d8b8a7697e751e2d42e35738ca7b37311f36439371547f8d5eeb4853b8	Mirai	elf geofenced mirai opendir PowerPC ua-wget USA
http://192.142.10.111/d/xd.m68k	e6d33ead4aaa2a2bc31956b4a121b9ce3aaf81599528416d514a749ee2d9dd04	Mirai	elf geofenced m68k mirai opendir ua-wget USA
http://192.142.10.111/d/xd.sh4	n/a	n/a	opendir
http://192.142.10.111/d/xd.spc	n/a	n/a	opendir

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

no reply from clamd

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/68f54db311ff3db29f64015b/reports/c0c6b176-7bb8-4d4a-a0b0-fdb45e15f63b/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-10-19T18:49:00Z UTC

Last seen:

2025-10-19T21:39:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/5deab45dd3bb8b7db10e85e7a941b428edeb251f204be584992d14a245ff43d2/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/fb9d5408-af7b-4aad-984e-f3bf07941d11

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/5deab45dd3bb8b7db10e85e7a941b428edeb251f204be584992d14a245ff43d2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5deab45dd3bb8b7db10e85e7a941b428edeb251f204be584992d14a245ff43d2/

Threat name:

Win32.Trojan.Vigorf

Status:

Malicious

First seen:

2025-10-19 20:45:54 UTC

File Type:

Text (Shell)

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lxvlixotxofx3mioqxt2sqnufdw6wji7ebf6lbezfukkerp7ipja._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/251019-zja1lsynfs/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Reads system network configuration

UPX packed file

Enumerates active TCP sockets

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (20294) amount of remote hosts

Creates a large amount of network flows

Mirai

Mirai family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.11

Link:

https://yomi.yoroi.company/submissions/5deab45dd3bb8b7db10e85e7a941b428edeb251f204be584992d14a245ff43d2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.