MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b42800d102c8623eaad21d20e81e43c1ddde465dda1d1fc129a6aeb70d6713. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 85b42800d102c8623eaad21d20e81e43c1ddde465dda1d1fc129a6aeb70d6713
SHA3-384 hash: 064f0d95a5de199599962d3a445a721885bf695095f1c0cd3faeee2dc21b67168978549e66e61ae2bbe31880485e412d
SHA1 hash: 86fcd559ad75861e32e49a7eee24170a274dd9e0
MD5 hash: 87d13b259dc20dd2cf943d874078e354
humanhash: hydrogen-solar-alabama-cup
File name: jaws.sh
Signature: Mirai
File size: 6'348 bytes
First seen: 2026-02-07 12:43:00 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:eyOca6a0ayassia2aSaCaqDRayfyRw2uezsi/ocEIDRXZH5HBZsiZJpzDRZ+:H
TLSH: T1B1D1C74BD0912275AD644E67A2D734867090D0EE8AC64FCB37FC75B4D18CEC87E91AD2
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Gathering data
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2026-02-07 12:29:10 UTC
File Type: Text (Shell)
AV detection: 14 of 36 (38.89%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
