MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6355d9a240ca92e522982b37ad8bb30302725369a1083e894ef0e9ad77bd4b38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 6355d9a240ca92e522982b37ad8bb30302725369a1083e894ef0e9ad77bd4b38
SHA3-384 hash: 1fc47f1adc5d2dadc44f6f056e65028786d70a349de55abc402c24c1e05d8e8dc4b36e9b78047d942ff616737e2679f5
SHA1 hash: d6d6b0f2efa749a6ab5d1967792ebfd24f5c7738
MD5 hash: 184b8a8fca9f72c3b6be41b2dcf94508
humanhash: pizza-december-glucose-fifteen
File name: w
Signature: Mirai
File size: 1'126 bytes
First seen: 2026-01-18 14:11:12 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:kn4q7I1fIrXI8DNIiI3tKKIIo8lIRfI2v7jIvOs7gIsP0WJI0An4747InX:kHI1fIrXI89I3tRIClIRfI2v7jIvOHI0
TLSH T13021E9FEDF62753541D85E392A660421D80EAEF43A54CA98B4870A7B7FC4A40FC18B4D
Magika: batch
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: unix shell
First seen: 2026-01-18T15:23:00Z UTC
Last seen: 2026-01-18T15:47:00Z UTC
Hits: ~10
Status: terminated

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2026-01-18 14:21:36 UTC
File Type: Text (Shell)
AV detection: 14 of 38 (36.84%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6355d9a240ca92e522982b37ad8bb30302725369a1083e894ef0e9ad77bd4b38

(this sample)

Delivery method: Distributed via web download
