MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88bc27cf8ca6da091db35632ad5ec739c8613d4a14d20a4341a16b74c6c639e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

SHA256 hash: 88bc27cf8ca6da091db35632ad5ec739c8613d4a14d20a4341a16b74c6c639e1
SHA3-384 hash: 567beb11e43ee186d4bd448b1713558e03a6b7bc7a1a5177da419bff5fb24e5e3940c3e02f6d1b263e8a48eb8216d8e6
SHA1 hash: b03a176a8131e5c55bf1d74608bd2a28ec8300ac
MD5 hash: 3e82ce1bb4fcdcd7f98078e08282ed48
humanhash: charlie-sink-fruit-coffee
File name: w.sh
Signature: Mirai
File size: 931 bytes
First seen: 2025-11-21 22:14:47 UTC
Last seen: 2025-11-22 15:45:37 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:k4yXa4y2YEv4y3NIl5B4yc0LKmk4ym+ObD4yjjMN4y9T5k4yCSON4yLty4yEN4yS:cYEfNI7JKU+Kj4T9lxtpzMR
TLSH: T10F110ACE226562229480CE74706584B89178EED072688F5EBDCC0CB395D9A29722AF6C
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 2
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai
Status: terminated
Behavior Graph:
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-11-21 13:27:43 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai | sh | 88bc27cf8ca6da091db35632ad5ec739c8613d4a14d20a4341a16b74c6c639e1 (this sample)

Delivery method: Distributed via web download

Comments