MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 876dd966803fb08b1b1ebfd97a338f9b2e6f6bdd55f1ec0ca202852fd88caf16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 876dd966803fb08b1b1ebfd97a338f9b2e6f6bdd55f1ec0ca202852fd88caf16
SHA3-384 hash: 7015817b14ddc94b88a820ccd92d176b323a22a57db99a8a0a5b064230c762fa53a60593dd97f0d189ffcc7fe28e16af
SHA1 hash: fcb686bd6daa7f0a95a070ee771f3f3173df6847
MD5 hash: af79d7b3908c0a9aed2844b3ef392640
humanhash: speaker-emma-princess-uniform
File name: 8UsA.sh
Signature: Mirai
File size: 1'770 bytes
First seen: 2025-11-28 17:46:43 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:v+8Qti9EtK+SftQlYtCQtEnNtGetkAtuvtyllko:v+5i9kK1FqICAuHG6kQu10T
TLSH T18831B7D802210B752DE6A9AFF9F64814F0FC50563DD63F8898DD3DE9884FE0438806EA
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-28T15:51:00Z UTC
Last seen: 2025-11-28T16:29:00Z UTC
Hits: ~10
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-11-28 17:16:50 UTC
File Type: Text (Shell)
AV detection: 22 of 36 (61.11%)
Threat level: 3/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 876dd966803fb08b1b1ebfd97a338f9b2e6f6bdd55f1ec0ca202852fd88caf16

(this sample)
