MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b
SHA3-384 hash: d5e4ebdf93542bf0f92969645e91debc43bcc577555437a7f4c637cd86913e9c7e7e3805d6f874e747562c10cd54739d
SHA1 hash: 8b21b72dd681f101f532c8c924c4ca5f6792e5ff
MD5 hash: f310519088a36f8fe9c3239eab612c0b
humanhash: grey-berlin-april-arizona
File name:tplink.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'063 bytes
First seen:2026-01-19 08:13:19 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:QvJXOpwf+AiJKpyjWKrvRrJ+WGW6fj1/1aXj0M0iSj0103/Kfj0LG0hNI2sj0yGk:QvZtw8gFw4ieXJS3if+PNI2snKbQ/
TLSH T10911D1DEE560537220E0CDDDF4A5CF06A86EABD961914E48FA992CB31828A107906F31
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://78.142.18.90/mips768548dd5e40c949ddabe8a4cc8a4c463430c4b30758038fc853b3b580b0733c Miraielf mirai ua-wget
http://78.142.18.90/mpsl9181646516e5fc9128d5684e66b11e2bbe2b6e86796fec60393f959cf0ad5530 Miraielf mirai ua-wget
http://78.142.18.90/arm4n/an/aelf ua-wget
http://78.142.18.90/arm5558f0e7d5a991ee5a50f85a1eeb250942ac84b558e354ce6cf995f4725104c25 Miraielf mirai ua-wget
http://78.142.18.90/arm6c4384f10c8cc66184cd22efa9216ab6eb874a0ae818da545ec5f973849f15978 Miraielf mirai ua-wget
http://78.142.18.90/arm751c7a5cda3f0a8bc79662e40cad7a9620220e98682b2794bbd59ff9de29fe407 Miraielf mirai ua-wget
http://78.142.18.90/x868543e8e70a896ece551db1f8b3320a0f8a36df12270b4b92efc6b034688d1193 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
42
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
busybox mirai
Link:
https://www.filescan.io/uploads/696de7a7584f1963ad5b45ee/reports/52fcb6d8-d0b8-4064-b555-7b10985ab892/overview
Result
Gathering data
Verdict:
Malicious
File Type:
text
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/59fff53e-6045-4ca9-823e-fd768533e617
Behavior Graph:
Download SVG
%3 guuid=2df9d70b-1700-0000-8e75-1a56ce0e0000 pid=3790 /usr/bin/sudo guuid=fadcb90e-1700-0000-8e75-1a56db0e0000 pid=3803 /tmp/sample.bin guuid=2df9d70b-1700-0000-8e75-1a56ce0e0000 pid=3790->guuid=fadcb90e-1700-0000-8e75-1a56db0e0000 pid=3803 execve
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-01-19 08:13:42 UTC
File Type:
Text (Shell)
AV detection:
8 of 36 (22.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l3ss5wttjvwevvr4bivlowwr4idzncydlstsvt7pjx2ga2y3ou5q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260119-j4ml5sdz7c/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 5ee52eda734d6c4ad63c0a2ab75ad1e207968b035ca72acfef4df4606b1b753b

(this sample)

Mirai

elf 768548dd5e40c949ddabe8a4cc8a4c463430c4b30758038fc853b3b580b0733c

  
URLhaus
https://urlhaus.abuse.ch/url/3728001/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2e750631ec3f6bab95e3594a036a5d74
  
Dropping
SHA256 768548dd5e40c949ddabe8a4cc8a4c463430c4b30758038fc853b3b580b0733c

Comments