MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85a86a188d9ed0400a81f88585e87c09ec92a34eb99cf71a4276bfaa0d4fd8b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	85a86a188d9ed0400a81f88585e87c09ec92a34eb99cf71a4276bfaa0d4fd8b6
SHA3-384 hash:	77c3e1b4f94725c3a6b30e8084a92f820954f4c832e6038f38bb1502e5cb9d96133b5d955b774ff619cbb4c5f55d9965
SHA1 hash:	b1052c0f89948c3ba77632a22352883c442c8052
MD5 hash:	c32c80fc9c5cf44875f6ae67dbcab5f0
humanhash:	tennis-video-hawaii-august
File name:	cat.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'680 bytes
First seen:	2025-08-02 12:19:02 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:ofmdtiwNaKU6bODOW/D2fwlJ1at1GkLBoARetr77ZZAR+LBjC7CBw5C0SSuANFyQ:ofqjFEDpbJ8cjtzZZZPCzV
TLSH	T1303141CD71E09153E541CE10F261554FB3AFAEC9A2B48E20E4C23C6AD45A952FC3DAA7
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://89.116.20.194:81/x86_64	e25cb6a0329ab4129928491c960a9b6c42f42cf3bb6d1b89485217dd6f7d705a	Mirai	elf mirai ua-wget
http://89.116.20.194:81/aarch64	148368c139656907c8f6b266d81bcdc3b3319441f9988e9ef0f6e3350e726e59	Mirai	elf mirai ua-wget
http://89.116.20.194:81/m68k	7530b99c41379554d302646138d991d40ad2ffff31bceaf04493745bb1cde170	Mirai	elf mirai ua-wget
http://89.116.20.194:81/mips	83bd516969f81d470c869f68fee62897f9da0ec9a278e60d8a0c0b45461e5eaa	Mirai	elf mirai ua-wget
http://89.116.20.194:81/mipsel	a270f9fb39eb9caa67daf5557ef8f9c39e8dccdef8a60f41d34aec9b0ee251b7	Mirai	elf mirai ua-wget
http://89.116.20.194:81/powerpc	14a6adf2607a29cfeaff0e65612e1bfd5220c15bfb90edb3058cb6f5b9f61a06	Mirai	elf mirai ua-wget
http://89.116.20.194:81/sparc	3c4d721eeb1a3ef68e983bcf20db27d01ded9a90eb12cb4ef358b89b4a1cc2ab	Mirai	elf mirai ua-wget
http://89.116.20.194:81/sh4	42c8c3d999658ef740caabf3dbb91d3a6af70514740a7d36600e3dd4e001da48	Mirai	elf mirai ua-wget
http://89.116.20.194:81/arc	6862040c524ed7a5c79b2c2e64f194537b5fa38ed18c8cecbb60bbb4c7eb8b76	Mirai	elf mirai ua-wget
http://89.116.20.194:81/i486	796b967b81a51130d6f47328b2219861690c752be963d1a51be01595737a4f6d	Mirai	elf mirai ua-wget
http://89.116.20.194:81/armv4l	5ad2f330adc43117af5dba048185f94ebae7f4a49c89c04cb7263ec048534fec	Mirai	elf gafgyt mirai ua-wget
http://89.116.20.194:81/armv5l	4f586b94ffdd1276d511378c0d2806ee203190b22c39065f236df3194ef9a66d	Mirai	elf gafgyt mirai ua-wget
http://89.116.20.194:81/armv6l	2af131ebd0b08f6ee4fa518e41d5a513e8b16301d4a9e54e5da46680242703a5	Mirai	elf mirai ua-wget
http://89.116.20.194:81/armv7l	6f7a57d7a8935f0bfa58c74e65b796c27dff7608d7253d06ea00719fd06f6694	Mirai	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/7c5f285b-ab89-4080-ac45-553dd21640f8

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/85a86a188d9ed0400a81f88585e87c09ec92a34eb99cf71a4276bfaa0d4fd8b6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/85a86a188d9ed0400a81f88585e87c09ec92a34eb99cf71a4276bfaa0d4fd8b6/

Verdict:

Malicious

Threat:

HEUR:Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/85a86a188d9ed0400a81f88585e87c09ec92a34eb99cf71a4276bfaa0d4fd8b6

Threat name:

Script.Trojan.Multiverze

Status:

Malicious

First seen:

2025-08-02 12:19:25 UTC

File Type:

Text (Shell)

AV detection:

13 of 38 (34.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qwugugent3ieacub7ccyl2d4bhwjfi2oxgopogsco272udkp3c3a._file

Result

Malware family:

n/a

Score:

7/10

Tags:

defense_evasion discovery linux persistence

Link:

https://tria.ge/reports/250802-phcspssls4/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Enumerates running processes

Modifies init.d

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.37

Link:

https://yomi.yoroi.company/submissions/85a86a188d9ed0400a81f88585e87c09ec92a34eb99cf71a4276bfaa0d4fd8b6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 85a86a188d9ed0400a81f88585e87c09ec92a34eb99cf71a4276bfaa0d4fd8b6

(this sample)

Mirai

elf ec11c4f2b249edfede174b88463d3aab77e3e0b702cd21f476ba80b8f65ce971

URLhaus

https://urlhaus.abuse.ch/url/3586951/

Delivery method

Distributed via web download

Dropping

MD5 38c58d427bba3fcadeaefdec292ed868

Dropping

SHA256 ec11c4f2b249edfede174b88463d3aab77e3e0b702cd21f476ba80b8f65ce971

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample