MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 730fe29dbafcddfdbdacce476dbc7e5a9acc08d7b4444e50ba16a622da9ca7a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	730fe29dbafcddfdbdacce476dbc7e5a9acc08d7b4444e50ba16a622da9ca7a0
SHA3-384 hash:	949842bc2e9aa098db248a1d341f87e6d2ff5cc58ad27310c8919cdae9972c5f82d0b742f7af96443af75a42fcde2a8f
SHA1 hash:	88044f27d0c399c833d6d64b018c97ec2dc0d055
MD5 hash:	f9b2bc33dca23d76556a005b2158052c
humanhash:	ink-july-island-jersey
File name:	mao_http.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'181 bytes
First seen:	2026-02-08 00:07:18 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	96:Aqcs6A/g7yEIuC0uY5UZCz2zAmQiU4+UimQqSQ:+KN
TLSH	T13B617CBD41E1AFD3C982AE1CBB668361E703D1F4EC76F13CAC984A668180715349769F
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.95.146.23/bins/mao.x86_64	ad8edc1871fa24cde9c4da01554065d10b340768057435305f8225a97288e54d	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.x86	83f003e3b760174836c8796b58d70cfbac03dcae8f7a5006f7792535c513be6c	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.mips	dc57e6ac32d100f81e8acd3341e6ee117b8f48da62de1afe35ebe133da9bec5a	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.mpsl	a03281983acde60bcb9ad4c476cc2af7e491121429cd2520591236a9bea2efc7	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.arm	a98fc17acb6a3a274eb728bc4d87d627eb3d41f37ebefd67b57ac9e896bff1fa	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.arm5	a9a96cc123866df23aa043f23e7374c6ff75f68c67359f93bb89a05f8c7b2719	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.arm6	e0bee1498194f2ea24c8d31f72d93adbf21df682e946bd27c107d379d9413f86	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.arm7	db7e17d49b68e270d9793ded785abaae8bd3442628bc81a25dc248d0133fee18	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.ppc	4314cc9193a9b7b6b48afe821acd76cbe664322f88b05b280a51cc3f67c9a121	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.m68k	84d4643444ea8cbc029973aa61bf8e1d84a74c5e845bc7951a858c052323b7e1	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.sh4	141b4f5689cd0694d59e543567a88ebaa527868eb4d812784b37777d8b26c015	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.spc	b5d22069cf8b825765bbe021407652b8e10261b9821ffd89160e7e7c362adabe	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.arc	8b3bc3e5d4ffd5c55c75bd5c3651464f278d8a9bccd795c123b6ca5ea6690d0c	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.i686	e69798ff814211487731039e3bda65b49f24f0473c405b25c7b947f94eb45f9d	Mirai	elf mirai ua-wget
http://45.95.146.23/bins/mao.i486	2577146d5291c674dad1c9eac1025d721b468b63614e2c2fad89a950aa2c3b53	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-02-07T21:14:00Z UTC

Last seen:

2026-02-07T21:46:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/730fe29dbafcddfdbdacce476dbc7e5a9acc08d7b4444e50ba16a622da9ca7a0/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/00a31565-202d-4109-9584-380ea06fb284

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/730fe29dbafcddfdbdacce476dbc7e5a9acc08d7b4444e50ba16a622da9ca7a0

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/730fe29dbafcddfdbdacce476dbc7e5a9acc08d7b4444e50ba16a622da9ca7a0/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/730fe29dbafcddfdbdacce476dbc7e5a9acc08d7b4444e50ba16a622da9ca7a0

Threat name:

Script-Shell.Worm.Mirai

Status:

Malicious

First seen:

2026-02-08 00:08:18 UTC

File Type:

Text (Shell)

AV detection:

8 of 36 (22.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=omh6fhn27to73pnmzzdw3pd6lknmycgxwrce4uf2c2tcfwu4u6qa._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260208-aezqqsgt6a/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/730fe29dbafc/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.95

Link:

https://yomi.yoroi.company/submissions/730fe29dbafcddfdbdacce476dbc7e5a9acc08d7b4444e50ba16a622da9ca7a0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	MAL_Linux_IoT_MultiArch_BotnetLoader_Generic Create hunting rule
Author:	Anish Bogati
Description:	Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:	MalwareBazaar sample lilin.sh