MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87215147170ffa0381f19fb051799108de8bca24f4a2ca9a1372cd8285565d6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 5

SHA256 hash: 87215147170ffa0381f19fb051799108de8bca24f4a2ca9a1372cd8285565d6e
SHA3-384 hash: 29706d36730358411b34ceae01ab16ad9eccda3f7095c541b6ff1601d5d2e1b7b72b63e68ae02e9f1caee6c0146c0208
SHA1 hash: 3a4e197c50598a8252c46e92b9e81703e359efcc
MD5 hash: e37813e57866f5bdbcd20758a479be4b
humanhash: fruit-video-rugby-solar
File name: wa
Signature: Mirai
File size: 964 bytes
First seen: 2025-07-01 06:46:36 UTC
Last seen: 2025-07-01 20:43:12 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:zWApUKUKSUSNI7wUqKzUS6U+U0XU4tSUVU4jgu:zWAvLcZFgu
TLSH: T1C211BCDF546069A54968DE2F7172D20CB02C89CEA95B9F8C9A4F58BE4FD3A183114B88
Magika: shell
Reporter: abuse_ch
Tags: sh
IOCs (URLs associated with this sample)

URL                              Malware sample (SHA256 hash)                                      Signature  Tags
http://185.208.158.140/arm       8271f1f986b352fff15ea4a77cc5fec53c1d9dcca742d4a9c9d2ab6891eab18a  Mirai      elf gafgyt mirai ua-wget
http://185.208.158.140/arm5      575ef1a01819dd1f1c2c0fb09b0001725599230fc4ce03d197b52751ff85a341  Mirai      elf mirai ua-wget
http://185.208.158.140/arm6      6402c8ac9e7bcc47f493ed249ef2b5a0e1b0b317e0dbd8012b61d3507c67fd0e  Mirai      elf mirai ua-wget
http://185.208.158.140/arm7      37d405a2afcd051f24faa7d536ac292e28148575a2ee02766b92046f413a3c57  Mirai      elf mirai ua-wget
http://185.208.158.140/mips      7b02048872ec82be36a7a9c28d8479a1c884a2df339416c822554211e6d5b05e  Mirai      elf gafgyt mirai ua-wget
http://185.208.158.140/mipsel    f0c4dc9e697cc34437766c67140cc210be04bd62997bf2ace3c389e3d9e32ff7  Mirai      elf mirai ua-wget
http://185.208.158.140/powerpc   cefd6e28cd1c138a151a1721dbbe1a53b410424b259179faa792fcc8063952ba  Mirai      elf mirai ua-wget
http://185.208.158.140/sh4       dfc72b2b40890a9747c242f69db7c4941794bf89c5ff0ef75dab6e1338c6cd6f  Mirai      elf mirai ua-wget
http://185.208.158.140/sparc     36eb14fd17bd36eb37ce29bdffe3109b88ffef2387f94647593d267b3214b134  Mirai      elf mirai ua-wget
http://185.208.158.140/x86_64    1d9f46542a855257b2a801c72449db0482435d1bb05cffccc0ad56a82e4631e6  Mirai      elf mirai ua-wget
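The ten rows above are extracted with each payload URL and its SHA256 run together. Because a SHA256 is always exactly 64 hex characters, the split is unambiguous: the hash is the last 64 characters, the URL is whatever precedes it. The Python below is an added example, not MalwareBazaar code: it recovers the URL/hash pairs, takes the architecture name from the last path component, defangs the URLs for reporting, and runs them over a few constructed proxy log lines. The log format, client addresses and the example.org line are invented for illustration, and the ua-wget tag on each row is taken to mean the payload was fetched with a Wget user agent.

```python
"""Added example (not MalwareBazaar code): recover structured indicators from
the fused URL+SHA256 rows and match them against constructed proxy logs."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# The ten payload rows as the page lists them, URL and SHA256 run together;
# copied from the IOC table above.
FUSED_ROWS = [
    "http://185.208.158.140/arm8271f1f986b352fff15ea4a77cc5fec53c1d9dcca742d4a9c9d2ab6891eab18a",
    "http://185.208.158.140/arm5575ef1a01819dd1f1c2c0fb09b0001725599230fc4ce03d197b52751ff85a341",
    "http://185.208.158.140/arm66402c8ac9e7bcc47f493ed249ef2b5a0e1b0b317e0dbd8012b61d3507c67fd0e",
    "http://185.208.158.140/arm737d405a2afcd051f24faa7d536ac292e28148575a2ee02766b92046f413a3c57",
    "http://185.208.158.140/mips7b02048872ec82be36a7a9c28d8479a1c884a2df339416c822554211e6d5b05e",
    "http://185.208.158.140/mipself0c4dc9e697cc34437766c67140cc210be04bd62997bf2ace3c389e3d9e32ff7",
    "http://185.208.158.140/powerpccefd6e28cd1c138a151a1721dbbe1a53b410424b259179faa792fcc8063952ba",
    "http://185.208.158.140/sh4dfc72b2b40890a9747c242f69db7c4941794bf89c5ff0ef75dab6e1338c6cd6f",
    "http://185.208.158.140/sparc36eb14fd17bd36eb37ce29bdffe3109b88ffef2387f94647593d267b3214b134",
    "http://185.208.158.140/x86_641d9f46542a855257b2a801c72449db0482435d1bb05cffccc0ad56a82e4631e6",
]

SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


@dataclass(frozen=True)
class PayloadIOC:
    url: str
    sha256: str
    host: str
    arch: str  # last path component, the architecture name the loader requests


def split_fused(row: str) -> PayloadIOC:
    """SHA256 is always exactly 64 hex chars, so the hash is the last 64
    characters of the fused row and the URL is everything before it."""
    row = row.strip()
    url, sha = row[:-64], row[-64:]
    if not SHA256_HEX.match(sha):
        raise ValueError(f"no trailing SHA256 in row: {row!r}")
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise ValueError(f"leading part is not a URL: {url!r}")
    return PayloadIOC(url, sha, parsed.hostname, parsed.path.rsplit("/", 1)[-1])


def parse_rows(rows):
    return [split_fused(r) for r in rows]


def defang(url: str) -> str:
    """Render a URL so ticketing and chat tools will not auto-link it."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


# Constructed proxy log lines (format, clients and the example.org line are
# invented): timestamp client method url status "user-agent".
PROXY_LOG = [
    '2025-07-01T06:50:01Z 10.0.0.17 GET http://185.208.158.140/arm7 200 "Wget"',
    '2025-07-01T06:50:02Z 10.0.0.17 GET http://185.208.158.140/x86_64 200 "Wget"',
    '2025-07-01T06:51:10Z 10.0.0.23 GET http://185.208.158.140/update.bin 404 "Wget"',
    '2025-07-01T06:52:00Z 10.0.0.40 GET http://example.org/index.html 200 "Mozilla/5.0"',
    '2025-07-01T06:53:00Z 10.0.0.41 GET http://185.208.158.140/ 200 "Mozilla/5.0"',
]
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+) "(?P<ua>[^"]*)"$'
)


def match_proxy_log(lines, iocs):
    """Return (client, url, verdict, sha256-or-None) for every line that touches
    a known payload URL or the payload host. Exact URL hits carry the expected
    SHA256 so the fetched file can be checked against it."""
    by_url = {i.url: i for i in iocs}
    hosts = {i.host for i in iocs}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, url, ua = m["src"], m["url"], m["ua"]
        host = urlparse(url).hostname
        if url in by_url:
            hits.append((src, url, "known-payload", by_url[url].sha256))
        elif host in hosts and ua.lower().startswith("wget"):
            hits.append((src, url, "wget-from-payload-host", None))
        elif host in hosts:
            hits.append((src, url, "contact-with-payload-host", None))
    return hits


if __name__ == "__main__":
    iocs = parse_rows(FUSED_ROWS)
    for i in iocs:
        print(f"{i.arch:8} {defang(i.url):36} {i.sha256}")
    for hit in match_proxy_log(PROXY_LOG, iocs):
        print("ALERT", *hit)
```

The three verdict levels are deliberate: an exact URL hit gives you a hash to compare the fetched file against, a Wget fetch from the payload host is how this loader family pulls anything (including paths not yet in the table), and any other contact with the host is worth a look but is the weakest signal.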

Intelligence

File Origin
# of uploads: 2
# of downloads: 52
Origin country: DE
Vendor Threat Intelligence

Status: terminated
Behavior Graph (process tree and network edges recovered from the sandbox graph):
  pid 2839 /usr/bin/sudo
    execve -> pid 2842 /tmp/sample.bin (this script)
      execve -> /usr/bin/rm, six times (pids 2844, 2846, 2848, 2849, 2851, 2852)
      then ten rounds of: execve -> /usr/bin/busybox [net, send-data, write-file], execve -> /usr/bin/chmod, clone -> /usr/bin/dash
        (busybox pids 2854, 2878, 2899, 2919, 2936, 2951, 2970, 2991, 3007, 3028; chmod pids 2872 through 3042; nine dash clones, 2873 through 3025)
        each busybox process sends one 81-85 byte request to 185.208.158.140:80, consistent with one fetch per payload URL in the IOC table
      execve -> pid 3043 /home/sandbox/x86_64 [net]: connects to 8.8.8.8:53
        clone -> pid 3045 /home/sandbox/x86_64 [dns, net, send-data, zombie]: sends 319 B to 8.8.8.8:53 and 2 B to bot.vac.lol:38241
          clone -> pid 3046 /home/sandbox/x86_64
          clone -> pid 3047 /home/sandbox/x86_64 [net, net-scan, send-data]: connects to 8.8.8.8:53; send-data to 4097 IP addresses (review logs to see them all)
          clone -> pid 3049 /home/sandbox/x86_64 [net, net-scan, send-data]: connects to 8.8.8.8:53; sends 40 B to 38.249.126.76:23; send-data to 4097 IP addresses
      execve -> /usr/bin/rm [delete-file], seven times (pids 3048, 3054, 3056, 3058, 3060, 3061, 3062), then /usr/bin/rm pid 3063
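The behaviour graph above is a process tree flattened into text: process nodes of the form "guuid=<id> pid=<n> /path tag ...", parent-child edges "guuid=<id> pid=<a>->guuid=<id> pid=<b> execve|clone", endpoint nodes "<uuid> host:port", and network edges "guuid=<id> pid=<a>-><uuid> send: <n>B" or "... con". The Python below is an added example, not MalwareBazaar or sandbox code: it parses a constructed excerpt of that text (fragments copied verbatim from the graph, trimmed to one busybox/chmod round plus the payload's network activity), rebuilds the tree, summarises which processes sent how much to which endpoint, and applies a loader heuristic derived from what the graph shows (network fetch with a file write, chmod, then execution of a network-active binary from a user-writable path). The WRITABLE directory list is an assumption.

```python
"""Added example (not MalwareBazaar or sandbox code): parse the flattened
behaviour graph into a process tree and network summary, then apply a
multi-architecture-loader heuristic to it."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed excerpt of the graph text, copied verbatim from the page and
# trimmed to one busybox/chmod round plus the payload's network edges.
GRAPH_EXCERPT = (
    "%3 guuid=39d44e3d-1900-0000-c87d-0d5a170b0000 pid=2839 /usr/bin/sudo "
    "guuid=1d10173f-1900-0000-c87d-0d5a1a0b0000 pid=2842 /tmp/sample.bin "
    "guuid=39d44e3d-1900-0000-c87d-0d5a170b0000 pid=2839->guuid=1d10173f-1900-0000-c87d-0d5a1a0b0000 pid=2842 execve "
    "guuid=036d0541-1900-0000-c87d-0d5a260b0000 pid=2854 /usr/bin/busybox net send-data write-file "
    "guuid=1d10173f-1900-0000-c87d-0d5a1a0b0000 pid=2842->guuid=036d0541-1900-0000-c87d-0d5a260b0000 pid=2854 execve "
    "guuid=1a920647-1900-0000-c87d-0d5a380b0000 pid=2872 /usr/bin/chmod "
    "guuid=1d10173f-1900-0000-c87d-0d5a1a0b0000 pid=2842->guuid=1a920647-1900-0000-c87d-0d5a380b0000 pid=2872 execve "
    "guuid=189b028b-1900-0000-c87d-0d5ae30b0000 pid=3043 /home/sandbox/x86_64 net "
    "guuid=1d10173f-1900-0000-c87d-0d5a1a0b0000 pid=2842->guuid=189b028b-1900-0000-c87d-0d5ae30b0000 pid=3043 execve "
    "d7a8a074-3c0d-5bba-86a5-987a33f76043 185.208.158.140:80 "
    "guuid=036d0541-1900-0000-c87d-0d5a260b0000 pid=2854->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 81B "
    "8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 "
    "guuid=189b028b-1900-0000-c87d-0d5ae30b0000 pid=3043->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con "
    "guuid=238b318b-1900-0000-c87d-0d5ae50b0000 pid=3045 /home/sandbox/x86_64 dns net send-data zombie "
    "guuid=189b028b-1900-0000-c87d-0d5ae30b0000 pid=3043->guuid=238b318b-1900-0000-c87d-0d5ae50b0000 pid=3045 clone "
    "guuid=238b318b-1900-0000-c87d-0d5ae50b0000 pid=3045->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 319B "
    "41eddc72-81b4-5704-b6ae-07075042401d bot.vac.lol:38241 "
    "guuid=238b318b-1900-0000-c87d-0d5ae50b0000 pid=3045->41eddc72-81b4-5704-b6ae-07075042401d send: 2B "
    "guuid=9ee34e8b-1900-0000-c87d-0d5ae90b0000 pid=3049 /home/sandbox/x86_64 net net-scan send-data "
    "guuid=238b318b-1900-0000-c87d-0d5ae50b0000 pid=3045->guuid=9ee34e8b-1900-0000-c87d-0d5ae90b0000 pid=3049 clone "
    "3443c79c-8d77-55cc-86d3-5903858dd33b 38.249.126.76:23 "
    "guuid=9ee34e8b-1900-0000-c87d-0d5ae90b0000 pid=3049->3443c79c-8d77-55cc-86d3-5903858dd33b send: 40B"
)

UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
# Process node: guuid=<id> pid=<n> /exe [tag ...]; tags stop at the next guuid= token or a bare uuid.
NODE_RE = re.compile(rf"guuid={UUID} pid=(?P<pid>\d+) (?P<exe>/\S+)(?P<tags>(?: (?!guuid=)[a-z][a-z-]*(?=\s|$))*)")
# Parent-child edge: guuid=<id> pid=<parent>->guuid=<id> pid=<child> execve|clone
EDGE_RE = re.compile(rf"guuid={UUID} pid=(?P<parent>\d+)->guuid={UUID} pid=(?P<child>\d+) (?:execve|clone)")
# Endpoint node: <uuid> host:port (a bare uuid, never one behind guuid=)
ENDPOINT_RE = re.compile(rf"(?<!guuid=)(?P<id>{UUID}) (?P<dst>[\w.-]+:\d+)")
# Network edge: guuid=<id> pid=<n>-><uuid> con | send: <n>B
NET_RE = re.compile(rf"guuid={UUID} pid=(?P<pid>\d+)->(?P<id>{UUID}) (?:con|send: (?P<n>\d+)B)")

@dataclass
class Proc:
    pid: int
    exe: str
    tags: frozenset
    children: list = field(default_factory=list)

@dataclass
class Graph:
    procs: dict  # pid -> Proc
    net: list    # (pid, "host:port", bytes sent; 0 for a bare connect)

def parse_graph(text: str) -> Graph:
    procs = {}
    for m in NODE_RE.finditer(text):
        procs[int(m["pid"])] = Proc(int(m["pid"]), m["exe"], frozenset(m["tags"].split()))
    for m in EDGE_RE.finditer(text):
        if int(m["parent"]) in procs:
            procs[int(m["parent"])].children.append(int(m["child"]))
    endpoints = {m["id"]: m["dst"] for m in ENDPOINT_RE.finditer(text)}
    net = [(int(m["pid"]), endpoints.get(m["id"], "?"), int(m["n"] or 0))
           for m in NET_RE.finditer(text)]
    return Graph(procs, net)

def network_summary(g: Graph) -> dict:
    """Per endpoint: which pids touched it, bytes sent, number of sends."""
    out = defaultdict(lambda: {"pids": set(), "bytes": 0, "sends": 0})
    for pid, dst, n in g.net:
        out[dst]["pids"].add(pid)
        out[dst]["bytes"] += n
        out[dst]["sends"] += 1 if n else 0
    return dict(out)

WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")  # assumed drop locations

def looks_like_multiarch_loader(g: Graph, pid: int, min_rounds: int = 1) -> dict:
    """The pattern in the graph: children that fetch over the network and write
    a file (busybox tagged net+write-file), chmod children, and execution of a
    network-active binary from a user-writable path."""
    kids = [g.procs[c] for c in g.procs[pid].children if c in g.procs]
    fetches = sum(1 for k in kids if {"net", "write-file"} <= k.tags)
    chmods = sum(1 for k in kids if k.exe.endswith("/chmod"))
    payloads = [k.pid for k in kids if k.exe.startswith(WRITABLE) and "net" in k.tags]
    return {"fetches": fetches, "chmods": chmods, "payloads": payloads,
            "match": fetches >= min_rounds and chmods >= min_rounds and bool(payloads)}

if __name__ == "__main__":
    g = parse_graph(GRAPH_EXCERPT)
    for dst, s in network_summary(g).items():
        print(f"{dst:24} pids={sorted(s['pids'])} bytes={s['bytes']}")
    print(looks_like_multiarch_loader(g, 2842))
```

Run against the full graph text, the same code counts ten fetch rounds under pid 2842 (so min_rounds can be raised to suppress single-download scripts) and surfaces the three endpoints worth blocking or hunting for: the payload host on port 80, the C2 name on a high port, and the telnet scanning towards port 23.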
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-07-01 06:34:39 UTC
File Type: Text (Shell)
AV detection: 16 of 38 (42.11%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Note: these three behaviours are Windows registry and API artefacts that a Linux shell script cannot produce on its own; this vendor result and its 3/10 score do not describe the sample's Linux behaviour (see the behaviour graph above), so do not derive indicators from them.

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method  Signature  File type  SHA256 hash
Web download     Mirai      sh         87215147170ffa0381f19fb051799108de8bca24f4a2ca9a1372cd8285565d6e (this sample)

Delivery method: Distributed via web download