MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975
SHA3-384 hash:	f0680a61ccc4280fbd8b7f657ec3074b5f1d7fc9d457fc31e50617b786c2b9e9210fe36c85c3d29ed4e2bca23e0e7ecd
SHA1 hash:	de7096f04340ac22c2dcfd08237c5d00e687840f
MD5 hash:	b8264a3c5d5897320cf7549c149e0052
humanhash:	lake-illinois-india-virginia
File name:	bins.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	909 bytes
First seen:	2025-11-07 13:08:09 UTC
Last seen:	2025-11-08 05:08:49 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:XbI/syYzZ3OhXvuS9dLa+Jdz7+y5yswTm6:XbI/J430vu4usdzzoJB
TLSH	T1B1117C906C951587A8DBFE1CB12A53F231512C74E5A0127DC2B7EE16C87EE32B90E771
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

52

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Mirai-82.UNOFFICIAL

Alert

Create hunting rule

SecuriteInfo.com.Linux.Downloader-2.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/690def44f259f8423e833909/reports/28202c21-e746-4025-aa25-5fcce6dd4002/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-07T10:17:00Z UTC

Last seen:

2025-11-08T04:37:00Z UTC

Hits:

~10

Detections:

Trojan-Downloader.Shell.Agent.bi HEUR:Trojan-Downloader.Shell.Mirai.a

Link:

https://opentip.kaspersky.com/652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/3c471409-dcc8-47e4-98f3-5f7e373bcb55

Behavior Graph:

Download SVG

Nucleon Malprob Benign

Score:

3%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975/

Neiki Family.MIRAI

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

ReversingLabs TitaniumCloud Linux.Browser.Downlaoder

Threat name:

Linux.Browser.Downlaoder

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-11-07 13:08:19 UTC

File Type:

Text (Shell)

AV detection:

13 of 24 (54.17%)

Threat level:

  4/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=murilutakfoart7bi3v52l22jf36ysikmcgfoad2xs23n5h5jf2q._file

Hatching Triage mirai

Result

Malware family:

mirai

Alert

Create hunting rule

Score:

  10/10

Tags:

family:mirai botnet:mirai botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/251107-qdb62szkbr/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Reads system network configuration

Creates a large amount of network flows

Enumerates active TCP sockets

Enumerates running processes

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (1128) amount of remote hosts

Mirai

Mirai family

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Suspicious File

Threat name:

Suspicious File

Score:

0.37

Link:

https://yomi.yoroi.company/submissions/652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975