MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 628954706fccaf46f0a440d82cf597264be57be7d82e810eb254b012aa1c9bbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 628954706fccaf46f0a440d82cf597264be57be7d82e810eb254b012aa1c9bbd
SHA3-384 hash: f7cd2ec4f121d65c5bbfd57e386cb8a47209752d8d1b071603bc9a37a60692c2b2640c4bcb2ba526bbcc6b65a322f189
SHA1 hash: bdada86f21d8dd428340a67bbdd68c9cc3a370da
MD5 hash: 250ec08436a9f7f36d354143bdaafe80
humanhash: maryland-one-football-steak
File name: run.sh
Signature: Mirai
File size: 2'881 bytes
First seen: 2025-12-24 15:33:19 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:WWxY6Y2JMkxuxbiB4NnNuZgMEZMEnE2EhELsHp8n8bwrjxFRPuPJUf4QF767hM3W:AF2JMEebiBsNuZXXcvy48bwRAhM3W
TLSH: T1CE5184AB03185B359649854EBBF831B4650EE092A6DFC708F9448E6D4FCAD4C36C5EC1
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Result
Gathering data
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-24 13:37:42 UTC
File Type: Text (Shell)
AV detection: 4 of 36 (11.11%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 628954706fccaf46f0a440d82cf597264be57be7d82e810eb254b012aa1c9bbd

(this sample)

Delivery method: Distributed via web download
