MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7
SHA3-384 hash: f6b8f494b1bd9e2eb135f4be17173b7078d52fe249c8670a29f9a4261f92f0ce69c8479306e7fba0bf3eb018b81b6e17
SHA1 hash: e018e02507d8fca991757efe32089ffe2990dd4b
MD5 hash: 8a728892ca921e9e90404b39a3cbad2f
humanhash: uniform-idaho-cold-bulldog
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:748 bytes
First seen:2026-01-26 05:50:33 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:xVHQWEtVHgE9UIvVH2NIxEqeVHb+EIKzVHlcRKVHI69VHkNVYVHpFG10+VHfUVH0:7EUE9UzNIxEGEIKDG6QNVLhrxeTUn
TLSH T1D001A9DE19A13F718734CF6CB5734928640EC1E9FB63468E994B442A4DE870AB52CE87
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.156.152.67/bins/narm4n/an/aelf ua-wget
http://94.156.152.67/bins/narm5n/an/aelf ua-wget
http://94.156.152.67/bins/narm6n/an/aelf ua-wget
http://94.156.152.67/bins/narm7e0c466c5c40fa5bac463d6dfb05a7cb08dbc291144422510e2450c3b40a77649 Miraiarm elf geofenced mirai opendir ua-wget USA
http://94.156.152.67/bins/psh4n/an/aelf mirai
http://94.156.152.67/bins/pppc6e675c36a690663707594e209383561ca3dd8e732e623bd9339f3819561cb00a Miraielf mirai
http://94.156.152.67/bins/pmipsn/an/aelf geofenced mips mirai opendir ua-wget USA
http://94.156.152.67/bins/pmpsln/an/aelf geofenced mips mirai opendir ua-wget USA
http://94.156.152.67/bins/pspcb8d3fa58b5c2de4ae7ac3ab396ce12f3db1fdcd1471115dcfaed4acb996f1d39 Miraielf mirai
http://94.156.152.67/bins/px86n/an/aelf geofenced mirai opendir ua-wget USA x86
http://94.156.152.67/bins/m68kf23f2023cb146e1f2f28301eafec0a12a0678cb0eba9da18f7622388af648060 Miraimirai opendir

Intelligence

File Origin
# of uploads :
1
# of downloads :
42
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
mirai
Link:
https://www.filescan.io/uploads/697700d155805a763ff5d693/reports/dc57a7b9-98d0-4ea6-89f5-c332a7b7b70a/overview
Verdict:
Malicious
File Type:
text
First seen:
2026-01-26T02:59:00Z UTC
Last seen:
2026-01-26T04:34:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-01-26 05:51:29 UTC
File Type:
Text (Shell)
AV detection:
9 of 36 (25.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nklngetxqm3rszgelxpswcjtkk46zh73z7qawpfcsxngsqvx3w3q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260126-gj9j3adt4h/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6a96d3127783371964c45ddf2b093352b9ec9ffbcfe00b3ca295da6942b7ddb7

(this sample)

Mirai

elf e0c466c5c40fa5bac463d6dfb05a7cb08dbc291144422510e2450c3b40a77649

  
URLhaus
https://urlhaus.abuse.ch/url/3761408/
  
Delivery method
Distributed via web download
  
Dropping
MD5 b3cff5e5a4d3234a59ac89bbedf7955e
  
Dropping
SHA256 e0c466c5c40fa5bac463d6dfb05a7cb08dbc291144422510e2450c3b40a77649

Comments