MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68fc1b0ea61004d3c272410bbe592195522805c9ba931d0377dcb5124376a53c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 68fc1b0ea61004d3c272410bbe592195522805c9ba931d0377dcb5124376a53c
SHA3-384 hash: daf7aa58201478a5715f35ff6871530adc609426c1d9a5c696f2928fc8500e0b94d696ed6c20bddf52ed2e0e604f3ac5
SHA1 hash: 3fa5a692497735f31afcebcac9585b40d73d17e9
MD5 hash: 2bed2aa97c9afd41632e50fefe07369f
humanhash: timing-oven-maine-nuts
File name: 1.sh
Signature: Mirai
File size: 6'389 bytes
First seen: 2025-12-11 00:28:35 UTC
Last seen: 2025-12-11 10:37:33 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 192:YD3mBpYOBqcdp837EC12Quk7s6ygnA2rPOZhrPOZhqofIe5NwDfAGpiUeUr8q1xg:YD3mBpYOBqcdp837EC12Quk7s6ygnA2H
TLSH: T1B7D102F2B4C512FCDD9FC83A5154297D118AB68B1B8B4D6887AD3069BC8AFCC6C549C3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
  30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-10T22:38:00Z UTC
Last seen: 2025-12-11T01:41:00Z UTC
Hits: ~10

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-11 00:29:59 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
Deletes log files
Enumerates running processes
File and Directory Permissions Modification
Deletes Audit logs
Deletes journal logs
Deletes system logs
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
yukivela.duckdns.org
lizadesm.duckdns.org
frohncrop77.duckdns.org
fishertriv.duckdns.org
catelcro.duckdns.org
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 68fc1b0ea61004d3c272410bbe592195522805c9ba931d0377dcb5124376a53c

(this sample)

  
Delivery method
Distributed via web download
