MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6da0119c77ab207e20ddbfafdfe08ea40980433e8f18d915f3a3e95a90aace55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	6da0119c77ab207e20ddbfafdfe08ea40980433e8f18d915f3a3e95a90aace55
SHA3-384 hash:	8f354c3df386033cf8bc9f4a70712a184d5d047d90013c44885a880d4e00ba21f7f4cb79c039ba541985ab521632f478
SHA1 hash:	ab642d2d359314ac645b53c35a4ba828beea310d
MD5 hash:	1d8b75d9fbf7f79776889982c3eb2cd1
humanhash:	seven-wisconsin-pip-fanta
File name:	kla.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	5'155 bytes
First seen:	2026-05-03 18:36:02 UTC
Last seen:	2026-05-04 14:17:39 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	96:2RKhEcfEnsTE11CxPCx9uqQY0MWickGyE8go:2MW
TLSH	T15DB1B1C812A318717DF68E67B169CA24B8C9B181DDC58F80D0EDF4F9198CF09B954AB3
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.107.133/bins/px86	7a71a50005dfa90d36e25147c9ee7718e9f650f1af14bc08a1a71e59df3b61b2	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/pmips	93fd5d044909555935ed9a14e895f470efa5ac1553365937d0486e063f0839cc	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/pmpsl	5f320c2c06b5cf0d494f311cdf118e294868d0181560104c02d6f05eef1e9e3b	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/parm	064fc04504e868ec0f453d426b77a25fdeaeda9abb9dc72ec5dcede19bdf157f	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/parm5	16aca11323d8bb11a76352e9385a808925492c0e06d4fa9b240f4a130e1e85c3	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/parm6	bc0cb910005577e7c03e54c3330eb941224c795b4cbd9b1ae7efa9fc1c721893	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/parm7	8ce0d00d3e6f03a3d44a605a331ada378787c2518e41945695494d0c84aa19ec	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/pm68k	aa640ee976ff58f087abcd029c2ca2db1c6a4c56220a093b54f1362460fad53f	Mirai	elf mirai ua-wget
http://196.251.107.133/bins/psh4	303bf1629f8a98593d5b774c3e42e86ae2c68aa981066c4995fbb2870c004dd0	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox mirai

Link:

https://www.filescan.io/uploads/69f795afdf14f1cb2ac8e516/reports/ef0af73c-2175-402d-8745-b0d5b510a0a3/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-05-03T15:40:00Z UTC

Last seen:

2026-05-05T02:00:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/6da0119c77ab207e20ddbfafdfe08ea40980433e8f18d915f3a3e95a90aace55/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/5ef9f1f3-9723-491f-89ee-6defa7673c0f

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/6da0119c77ab207e20ddbfafdfe08ea40980433e8f18d915f3a3e95a90aace55

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6da0119c77ab207e20ddbfafdfe08ea40980433e8f18d915f3a3e95a90aace55/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/6da0119c77ab207e20ddbfafdfe08ea40980433e8f18d915f3a3e95a90aace55

Threat name:

Linux.Trojan.Generic

Status:

Suspicious

First seen:

2026-05-03 18:36:38 UTC

File Type:

Text (Shell)

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nwqbdhdxvmqh4ig5x6x57yeouqeyaqz6r4mnsfptupuvvefkzzkq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/260503-w86xssay7n/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

UPX packed file

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Modifies Watchdog functionality

Family: Mirai

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/6da0119c77ab/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6da0119c77ab207e20ddbfafdfe08ea40980433e8f18d915f3a3e95a90aace55

(this sample)

Mirai

elf ba2a0c107b5a9458dee3d47499f0e505f09e4e7a09b0b64f24d720007583b03c

Mirai

elf 7a71a50005dfa90d36e25147c9ee7718e9f650f1af14bc08a1a71e59df3b61b2

URLhaus

https://urlhaus.abuse.ch/url/3791302/

Delivery method

Distributed via web download

Dropping

MD5 aae8d0fe3edf5b6fafe9b4e31b8f79ce

Dropping

SHA256 7a71a50005dfa90d36e25147c9ee7718e9f650f1af14bc08a1a71e59df3b61b2

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample