MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84136594594e278c123268fb9e99f998988f6a78ae2b62c24600f4827546f1bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: 84136594594e278c123268fb9e99f998988f6a78ae2b62c24600f4827546f1bc
SHA3-384 hash: b97c5e8e42ba0a5e12ee84bd29e9621ee689b48ef010a865644519281a5e097eb41deb03fff69625e5c845a8c47e400e
SHA1 hash: aceb623bcd080ca284b38561d6537d136f7fa2d7
MD5 hash: daef17eb08ab26530e932aac41676de2
humanhash: ten-stream-cardinal-foxtrot
File name: x.sh
Signature: Mirai
File size: 1'058 bytes
First seen: 2025-07-01 06:46:40 UTC
Last seen: 2025-07-02 03:17:03 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:PhOUQhUKYhUSNI7qhUqKHhUSAhUEhU07hU4tYhUNhU4qh5u:PhkJY+qHIIxt7u+4h5u
TLSH: T1CE11EEEB24601A614C68ED1B7563C91D341DE5CFBE6B4F88788F4ABE4BC67053814B08
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 55
Origin country: DE
Vendor Threat Intelligence
Status: terminated

Threat name: Linux.Trojan.Multiverze
Status: Malicious
First seen: 2025-07-01 06:34:45 UTC
File Type: Text (Shell)
AV detection: 16 of 37 (43.24%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
