MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 792b7b0a3d8b79310b9171f8bf683af7ead6f4ff797fde625de2f92c21e64311. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	792b7b0a3d8b79310b9171f8bf683af7ead6f4ff797fde625de2f92c21e64311
SHA3-384 hash:	05282d693f13ef7d9236045e958b56c2ee93acb2f30d3b6be87fc34b386f73b36555b2e17853928274a9432b36cf6f36
SHA1 hash:	69e855b977b0338130ed873d717394019865e41e
MD5 hash:	83867fdde29576979e955837269e0b46
humanhash:	texas-arkansas-mississippi-zulu
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'655 bytes
First seen:	2025-05-16 12:14:06 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:vfn0wn0KdlfngjngCikfnrnQyfninbfn0nDfn0vn0DdofnGKnZBfnnxnBfnQnnft:vMxKdlYE0hukM8Ddo++vX0bis+rathb
TLSH	T124516CC623C399303C629A6BB6BE491932C0D19D9EC5EA4CAEDC3CF9568CF583444757
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.135.194.43/bins/Tsun.x86	6a889a1fc6489ff0adb0fa87cc61ae0a42b569e8cf89b469e725bdad760ca785	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.mips	13cab87cd2580d34f0c60b31897281fc5870f1a979b8ee71683374dfe0c250e1	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.arc	40f802238cd04544e52554910d665c34b0c79ecc889aa399d494812ada813580	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.i468	n/a	n/a	n/a
http://45.135.194.43/bins/Tsun.i686	n/a	n/a	n/a
http://45.135.194.43/bins/Tsun.x86_64	n/a	n/a	n/a
http://45.135.194.43/bins/Tsun.mpsl	3f6efeb115b2c69c73c25799395824bd428024cdcc708036eeafe23cc08096ee	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.arm	4cd5a0b8f450bb4b1eaeabe20ed1d9ff59aae87e272998d56e73d813da5040c1	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.arm5	99bebadd78994cbddd0102281a400751050338ee7c6f1926f29093c966b6a0e5	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.arm6	7505011063ab00bcd3113fe2d7c3855d50af49a753015cd9018cbbfe65bd84db	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.arm7	fe9a5117526681f8c5c0b73d9ebca60f64b3c534c000374b1fe3f70dbc462a27	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.ppc	1225c2ed8afdb69733b59a23f77b6aa6ccd62c5f817c9da8a9c169c3aa157322	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.spc	bdd6d6b9b6a5c36ed92b6781ae0132cf361eeb27d32e9539581564663dccc29c	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.m68k	d980ea20258d480e3f0de0ec4db24a65ee3b90ee277df2098ddc201b674cf7c2	Mirai	censys elf mirai opendir ua-wget
http://45.135.194.43/bins/Tsun.sh4	1a212f5d854cd5a21239232901ff2f5783ebabc73906304644b486474de6a1b3	Mirai	censys elf mirai opendir ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68272ce9e16384d6a704f0d0linux22vpnfull_triage

Tags:

downloader agent overt

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68272c1ec609634bd7c5964c/reports/cce0fd5a-67e1-4c9c-af8d-13bf1c2c94c0/overview

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/792b7b0a3d8b79310b9171f8bf683af7ead6f4ff797fde625de2f92c21e64311

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/792b7b0a3d8b79310b9171f8bf683af7ead6f4ff797fde625de2f92c21e64311/

Threat name:

Linux.Downloader.Morila

Status:

Malicious

First seen:

2025-05-16 12:15:53 UTC

File Type:

Text (Shell)

AV detection:

23 of 37 (62.16%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pevxwcr5rn4tcc4roh4l62b267vnn5h7pf754ys54l4syipgimiq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250516-peeg5atqv9/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (596084) amount of remote hosts

Creates a large amount of network flows

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/792b7b0a3d8b/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.