MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1
SHA3-384 hash: 96b3b8228af4d382ea5dbb55bfaff3bc114e3002762d99824a2abdfa93922fe212d51f83af391578783978238fe7ff70
SHA1 hash: db04f64508de435c88f394ef65ae9f430cbd7b35
MD5 hash: 4ca5991458603938ca46a53d0fbc4bbb
humanhash: nineteen-table-michigan-spring
File name:bins.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:331 bytes
First seen:2026-02-17 00:59:24 UTC
Last seen:2026-02-17 07:53:56 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 6:hdc4UJ0OXOZYzBqlQXZRlzTjafaqUZtL57bNwb:XyOZYzYlE/jaC3THGb
TLSH T1BBE07264105631963E430E50762BBBC231806C45AA10062EE3B8BE234CBCF017B0E831
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Mirai-82.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-2.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
dakkatoni
Link:
https://www.filescan.io/uploads/6993bdac930564ff3ca4aacc/reports/455d360a-57bd-40c2-ba4a-a404abd4cc05/overview
Verdict:
Malicious
File Type:
unix shell
Detections:
HEUR:Trojan-Downloader.Shell.Mirai.a Trojan-Downloader.Shell.Agent.bi
Link:
https://opentip.kaspersky.com/7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/0421e8e3-b102-4aa4-aa87-2a3795586482
Behavior Graph:
Download SVG
%3 guuid=556e61f7-1900-0000-81f1-c239cc0c0000 pid=3276 /usr/bin/sudo guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284 /tmp/sample.bin guuid=556e61f7-1900-0000-81f1-c239cc0c0000 pid=3276->guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284 execve guuid=5fd7d5f9-1900-0000-81f1-c239d50c0000 pid=3285 /usr/bin/wget net send-data guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=5fd7d5f9-1900-0000-81f1-c239d50c0000 pid=3285 execve guuid=66c4e200-1a00-0000-81f1-c239e40c0000 pid=3300 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=66c4e200-1a00-0000-81f1-c239e40c0000 pid=3300 execve guuid=77e92201-1a00-0000-81f1-c239e60c0000 pid=3302 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=77e92201-1a00-0000-81f1-c239e60c0000 pid=3302 clone guuid=ffbfc301-1a00-0000-81f1-c239ea0c0000 pid=3306 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=ffbfc301-1a00-0000-81f1-c239ea0c0000 pid=3306 execve guuid=20b9bf0d-1a00-0000-81f1-c239010d0000 pid=3329 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=20b9bf0d-1a00-0000-81f1-c239010d0000 pid=3329 execve guuid=0255210e-1a00-0000-81f1-c239020d0000 pid=3330 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=0255210e-1a00-0000-81f1-c239020d0000 pid=3330 clone guuid=745f140f-1a00-0000-81f1-c239040d0000 pid=3332 /usr/bin/wget net send-data guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=745f140f-1a00-0000-81f1-c239040d0000 pid=3332 execve guuid=4350fa16-1a00-0000-81f1-c2390d0d0000 pid=3341 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=4350fa16-1a00-0000-81f1-c2390d0d0000 pid=3341 execve guuid=31bd4117-1a00-0000-81f1-c2390f0d0000 pid=3343 /home/sandbox/dvrHelper guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=31bd4117-1a00-0000-81f1-c2390f0d0000 pid=3343 execve guuid=8a0bb718-1a00-0000-81f1-c239140d0000 pid=3348 /usr/bin/wget net send-data guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=8a0bb718-1a00-0000-81f1-c239140d0000 pid=3348 execve guuid=84b77c1e-1a00-0000-81f1-c239240d0000 pid=3364 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=84b77c1e-1a00-0000-81f1-c239240d0000 pid=3364 execve guuid=460ed51e-1a00-0000-81f1-c239260d0000 pid=3366 /home/sandbox/dvrHelper guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=460ed51e-1a00-0000-81f1-c239260d0000 pid=3366 execve guuid=8954a420-1a00-0000-81f1-c2392c0d0000 pid=3372 /usr/bin/wget net send-data guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=8954a420-1a00-0000-81f1-c2392c0d0000 pid=3372 execve guuid=39dcaf26-1a00-0000-81f1-c239390d0000 pid=3385 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=39dcaf26-1a00-0000-81f1-c239390d0000 pid=3385 execve guuid=1d08fb26-1a00-0000-81f1-c2393b0d0000 pid=3387 /home/sandbox/dvrHelper guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=1d08fb26-1a00-0000-81f1-c2393b0d0000 pid=3387 execve guuid=9f4bd727-1a00-0000-81f1-c2393e0d0000 pid=3390 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=9f4bd727-1a00-0000-81f1-c2393e0d0000 pid=3390 execve guuid=402e2c32-1a00-0000-81f1-c239540d0000 pid=3412 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=402e2c32-1a00-0000-81f1-c239540d0000 pid=3412 execve guuid=7fb49932-1a00-0000-81f1-c239550d0000 pid=3413 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=7fb49932-1a00-0000-81f1-c239550d0000 pid=3413 clone guuid=b3dbd533-1a00-0000-81f1-c2395a0d0000 pid=3418 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=b3dbd533-1a00-0000-81f1-c2395a0d0000 pid=3418 execve guuid=1b1c3846-1a00-0000-81f1-c2397b0d0000 pid=3451 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=1b1c3846-1a00-0000-81f1-c2397b0d0000 pid=3451 execve guuid=fae17a46-1a00-0000-81f1-c2397d0d0000 pid=3453 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=fae17a46-1a00-0000-81f1-c2397d0d0000 pid=3453 clone guuid=e6be4f48-1a00-0000-81f1-c239830d0000 pid=3459 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=e6be4f48-1a00-0000-81f1-c239830d0000 pid=3459 execve guuid=a3760858-1a00-0000-81f1-c239ab0d0000 pid=3499 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=a3760858-1a00-0000-81f1-c239ab0d0000 pid=3499 execve guuid=26c67e58-1a00-0000-81f1-c239ad0d0000 pid=3501 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=26c67e58-1a00-0000-81f1-c239ad0d0000 pid=3501 clone guuid=8129e859-1a00-0000-81f1-c239b20d0000 pid=3506 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=8129e859-1a00-0000-81f1-c239b20d0000 pid=3506 execve guuid=96075f64-1a00-0000-81f1-c239c30d0000 pid=3523 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=96075f64-1a00-0000-81f1-c239c30d0000 pid=3523 execve guuid=ac441e65-1a00-0000-81f1-c239c40d0000 pid=3524 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=ac441e65-1a00-0000-81f1-c239c40d0000 pid=3524 clone guuid=9f0d7866-1a00-0000-81f1-c239c70d0000 pid=3527 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=9f0d7866-1a00-0000-81f1-c239c70d0000 pid=3527 execve guuid=59e9c27c-1a00-0000-81f1-c239e90d0000 pid=3561 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=59e9c27c-1a00-0000-81f1-c239e90d0000 pid=3561 execve guuid=f2cf767d-1a00-0000-81f1-c239ea0d0000 pid=3562 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=f2cf767d-1a00-0000-81f1-c239ea0d0000 pid=3562 clone guuid=131aa97f-1a00-0000-81f1-c239ec0d0000 pid=3564 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=131aa97f-1a00-0000-81f1-c239ec0d0000 pid=3564 execve guuid=a9920a91-1a00-0000-81f1-c239fa0d0000 pid=3578 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=a9920a91-1a00-0000-81f1-c239fa0d0000 pid=3578 execve guuid=6ef16891-1a00-0000-81f1-c239fc0d0000 pid=3580 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=6ef16891-1a00-0000-81f1-c239fc0d0000 pid=3580 clone guuid=96e83f92-1a00-0000-81f1-c239ff0d0000 pid=3583 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=96e83f92-1a00-0000-81f1-c239ff0d0000 pid=3583 execve guuid=c53232a1-1a00-0000-81f1-c2391c0e0000 pid=3612 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=c53232a1-1a00-0000-81f1-c2391c0e0000 pid=3612 execve guuid=9780c2a1-1a00-0000-81f1-c2391d0e0000 pid=3613 /home/sandbox/dvrHelper delete-file net guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=9780c2a1-1a00-0000-81f1-c2391d0e0000 pid=3613 execve guuid=ca6e2ca2-1a00-0000-81f1-c2391f0e0000 pid=3615 /usr/bin/wget net send-data write-file guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=ca6e2ca2-1a00-0000-81f1-c2391f0e0000 pid=3615 execve guuid=08ee3cb4-1a00-0000-81f1-c2394a0e0000 pid=3658 /usr/bin/chmod guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=08ee3cb4-1a00-0000-81f1-c2394a0e0000 pid=3658 execve guuid=424298b4-1a00-0000-81f1-c2394c0e0000 pid=3660 /usr/bin/dash guuid=8bec9ff9-1900-0000-81f1-c239d40c0000 pid=3284->guuid=424298b4-1a00-0000-81f1-c2394c0e0000 pid=3660 clone a152abba-96c5-5974-a7ad-610726e5b1d4 185.177.57.81:80 guuid=5fd7d5f9-1900-0000-81f1-c239d50c0000 pid=3285->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 144B guuid=ffbfc301-1a00-0000-81f1-c239ea0c0000 pid=3306->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 144B guuid=745f140f-1a00-0000-81f1-c239040d0000 pid=3332->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 144B guuid=8a0bb718-1a00-0000-81f1-c239140d0000 pid=3348->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 143B guuid=8954a420-1a00-0000-81f1-c2392c0d0000 pid=3372->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 143B guuid=9f4bd727-1a00-0000-81f1-c2393e0d0000 pid=3390->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 143B guuid=b3dbd533-1a00-0000-81f1-c2395a0d0000 pid=3418->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 143B guuid=e6be4f48-1a00-0000-81f1-c239830d0000 pid=3459->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 143B guuid=8129e859-1a00-0000-81f1-c239b20d0000 pid=3506->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 142B guuid=9f0d7866-1a00-0000-81f1-c239c70d0000 pid=3527->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 142B guuid=131aa97f-1a00-0000-81f1-c239ec0d0000 pid=3564->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 142B guuid=96e83f92-1a00-0000-81f1-c239ff0d0000 pid=3583->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 142B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=9780c2a1-1a00-0000-81f1-c2391d0e0000 pid=3613->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=994015a2-1a00-0000-81f1-c2391e0e0000 pid=3614 /home/sandbox/dvrHelper dns net send-data zombie guuid=9780c2a1-1a00-0000-81f1-c2391d0e0000 pid=3613->guuid=994015a2-1a00-0000-81f1-c2391e0e0000 pid=3614 clone guuid=994015a2-1a00-0000-81f1-c2391e0e0000 pid=3614->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 66B 643d0f5f-b17d-56ca-8b5d-be3f75c056e2 xestika.govt.hu:23 guuid=994015a2-1a00-0000-81f1-c2391e0e0000 pid=3614->643d0f5f-b17d-56ca-8b5d-be3f75c056e2 send: 14B guuid=78e331a2-1a00-0000-81f1-c239200e0000 pid=3616 /home/sandbox/dvrHelper guuid=994015a2-1a00-0000-81f1-c2391e0e0000 pid=3614->guuid=78e331a2-1a00-0000-81f1-c239200e0000 pid=3616 clone guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617 /home/sandbox/dvrHelper net net-scan send-data guuid=994015a2-1a00-0000-81f1-c2391e0e0000 pid=3614->guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617 clone guuid=ca6e2ca2-1a00-0000-81f1-c2391f0e0000 pid=3615->a152abba-96c5-5974-a7ad-610726e5b1d4 send: 148B guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con c4b3cd1d-89b3-5cb7-ba05-186b7dd7febb 147.127.199.143:23 guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617->c4b3cd1d-89b3-5cb7-ba05-186b7dd7febb send: 40B c34fdec0-d342-5911-adc8-d813ee7f060c 122.221.156.178:23 guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617->c34fdec0-d342-5911-adc8-d813ee7f060c send: 40B 1ddf9244-ae2d-5172-b557-701a11a52a8a 83.182.93.202:23 guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617->1ddf9244-ae2d-5172-b557-701a11a52a8a send: 40B guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617|send-data send-data to 4097 IP addresses review logs to see them all guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617->guuid=0f7e3da2-1a00-0000-81f1-c239210e0000 pid=3617|send-data send
Score:
95%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1
Threat name:
Linux.Trojan.Dakkatoni
Create hunting rule
Status:
Malicious
First seen:
2026-02-17 01:00:52 UTC
File Type:
Text (Shell)
AV detection:
17 of 38 (44.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pislvewqcrcgu7duz2ty5efqc6dxpd2ys57pdnunwfybgjj6k7aq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:mirai botnet defense_evasion discovery linux
Link:
https://tria.ge/reports/260217-bcv57sbz2f/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (23046) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction:
xestika.govt.hu
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 7a24ba92d014446a7c74cea78e90b01787778f58977ef1b68db17013253e57c1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3776974/
  
Delivery method
Distributed via web download

Comments