MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68d7893dc16ce4f4966c869b1527634d3635b86243bd09b30eea831170bf306e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 68d7893dc16ce4f4966c869b1527634d3635b86243bd09b30eea831170bf306e
SHA3-384 hash: 4fbb04c045f65544303f2091f4ec6d199824d484b30ed353599d57a18ef9d7888a581a2af9abb21875adccb803bb1395
SHA1 hash: 7745e48d4954ac921099193afbdab4cb917f1bf1
MD5 hash: dc78d5022b48ce467860c9348581f8d6
humanhash: queen-xray-nitrogen-uniform
File name: android.exploit
Signature: Mirai
File size: 2'907 bytes
First seen: 2026-02-22 09:44:13 UTC
Last seen: 2026-02-22 10:46:43 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:MF2JMAebiBoLuZzEgEnE2EhEgoGbwrgJUf/AhM3k:MF2JMAebiBoLuZzzcvysGbwzAhM3k
TLSH: T12A515BDB12005B719618855FB7F035B4624AE0D6AADECF14FB4C182E0FCAD4C7685B41
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm evasive mirai
Result
Gathering data
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Trojan-Downloader.Shell.Agent.gen
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 68d7893dc16ce4f4966c869b1527634d3635b86243bd09b30eea831170bf306e (this sample)

Delivery method: Distributed via web download
