MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62959d7bf658f6d679c35062dd2421d830c94a4fc1b2336f9241a70832a42b49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 62959d7bf658f6d679c35062dd2421d830c94a4fc1b2336f9241a70832a42b49
SHA3-384 hash: 4c4d4c2576100726b69a6bab209e8041680a59fdff08d4105a737341d39fe1343c3f6f270f86899ec06e5e55882f1115
SHA1 hash: 47fa1ca534510f22adc6fb69561c6c91f139544c
MD5 hash: fcbe78270e72e9b3fb03dd59bd94eb4a
humanhash: november-mexico-stairway-mexico
File name: t.sh
Signature: Mirai
File size: 762 bytes
First seen: 2026-01-23 08:19:18 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:xVHI+jQVHj+jQVHjIWT2T+jQVHyeF+jQVH6tz+jQVHnSF+jQVH4VND+jQVHT+jQR:ZBKIM2Sq43ty+JzV4ZjM/Ln
TLSH: T1F701B5CF19111EB08564EF2CBA7344296009C1D1F6630BD86D47083B8DE5B0F75B6FA6
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
First seen: 2026-01-23T05:50:00Z UTC
Last seen: 2026-01-25T00:00:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Hacktool.Heuristic
Status: Malicious
First seen: 2026-01-23 07:55:16 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 1/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai sh 62959d7bf658f6d679c35062dd2421d830c94a4fc1b2336f9241a70832a42b49 (this sample)
Delivery method: Distributed via web download
