MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67eaa2a0b90bec27372402195301867fae5fcb063dc006b13cc654ea2b74dbd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash: 67eaa2a0b90bec27372402195301867fae5fcb063dc006b13cc654ea2b74dbd5
SHA3-384 hash: f9d10c6a0c4803a6fb8c8f730de17c9a9c5fd42e0af7d1ea8633897fda68f380e35818ff7a18f0efdcbd7a3a115555ed
SHA1 hash: f1c12d5b7fc1ac930e1b01751d7085e0f7fdfdbc
MD5 hash: e28002ea23f9d94b7b437cbe1fa36ce3
humanhash: winner-oklahoma-lamp-beryllium
File name:lil
Download: download sample
Signature Mirai
File size:852 bytes
First seen:2026-07-02 02:10:51 UTC
Last seen:2026-07-02 06:58:09 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 24:kXCKysE2hi0ziQvZohaiX41F3/M4EMtWZLXZOX:e9Qp+MsiXiEfMtWZjZOX
TLSH T1A1016FC681446D1050EAEA1D22E75594F810C3CE1A5A4F7AFFADAD3DEB84D14F026F84
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://129.121.114.124/DsI54212927959feccf26c279a1c3fd22b587f991a3dc0829d8dd37c7ee8f96741cd Miraielf ua-wget
http://129.121.114.124/v9c9363500d89720dd4f0db103cf3c3d70e00b23163bd6cb74f9eee2cdc6e5c2ad88 Miraielf ua-wget
http://129.121.114.124/m6db7d92769c58547632948174e1d5cbb799b2a042c77a533fc1ca0f15f2150763c6 Miraielf ua-wget
http://129.121.114.124/xZPwfe78dcccb84347d9ab57003fe3e8b53b2fff1d082d24d499eb8695ab264d43f9 Miraielf ua-wget
http://129.121.114.124/lyV13013ddeeaa5187dfd668a5715046b251b62b572bb9af64001decd7928bd2798 Miraielf ua-wget

Intelligence


File Origin
# of uploads :
2
# of downloads :
78
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
downloader evasive mirai
Verdict:
Malicious
File Type:
unix shell
Detections:
HEUR:Trojan-Downloader.Shell.Agent.a
Gathering data
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery linux
Behaviour
Reads runtime system information
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 67eaa2a0b90bec27372402195301867fae5fcb063dc006b13cc654ea2b74dbd5

(this sample)

  
Delivery method
Distributed via web download

Comments