MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88e932b053f376300b793058cfff2dc32a31990e125f8b11750e458b8bafd1c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	88e932b053f376300b793058cfff2dc32a31990e125f8b11750e458b8bafd1c9
SHA3-384 hash:	ca6d856129fbfed488a82ea2cc8a24405e269344ecce54f8d138be94284a00737c21eb89d2379ffcbb067294a304b759
SHA1 hash:	be084836af5fc605ead393dd9945e74f28dc3f01
MD5 hash:	13816fd674275045b421000306e08051
humanhash:	angel-shade-hawaii-michigan
File name:	cat.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'011 bytes
First seen:	2025-09-14 11:12:39 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:dFXOpo2hCQ8zmqYfsQdt6hRPtNaKjRI6XoODOqRdmDUR3fNvMGRZ1x91ZRDKLBqM:rAhj8ufTcvFTDsjk5atYqAFID
TLSH	T1A541D68D1056D161D48CCF42F0B1C774984FE9C9B3A25EE1E463BDB9988D940B517B37
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.71.207/x86_64	68d848489d2ba487699cbeffdcd31fb39d22ccb94ab1a2c2983e9538ea551f39	Mirai	elf mirai ua-wget
http://196.251.71.207/aarch64	205ba61018cf49c6ff5df49abfcadbe33a38e830fa4f8f657ffa6e2db230ebde	Mirai	elf mirai ua-wget
http://196.251.71.207/m68k	46c181467de432471fa4470564e669ad6bff30b0066720d56552bf6bfbf3b8cd	Mirai	elf mirai ua-wget
http://196.251.71.207/mips	551cc47e8a99c0a26e471f433dc186fa24a8381745007255e351ec7b136ed494	Mirai	elf mirai ua-wget
http://196.251.71.207/mipsel	d99d31dba21bc3f823b71baf039e14ce6b8a3cd824fb15e497dca07d736d2290	Mirai	elf mirai ua-wget
http://196.251.71.207/powerpc	bb7ca4d580b48c1d259924a7760b2c35c9a24f1d5d816ce321d3b3a2a2c5f92f	Mirai	elf mirai ua-wget
http://196.251.71.207/sparc	ae7347197673650a50dd6d22ee236c01ccc81a35290d718a25e036b4e9503c90	Mirai	elf mirai ua-wget
http://196.251.71.207/sh4	7a14f5cbf5f5cc545c10af6a2226e2d50421ccfd04fbd204ec3eeabf6b49e010	Mirai	elf mirai ua-wget
http://196.251.71.207/arc	9d328f65c944f1043f487c4992a19f80d6142d36f0cf49396e024d159afa6723	Mirai	elf mirai ua-wget
http://196.251.71.207/i486	2b0d719f5dc2684cb734a73e40c1d03a6ee40f408ac15bef289d7e4d9d73f7e8	Mirai	elf mirai ua-wget
http://196.251.71.207/armv4l	fd49df844db6a4e03dac56d1edb17150171b5aa0c14ad92bfae57fbaa82073d0	Gafgyt	elf gafgyt ua-wget
http://196.251.71.207/armv5l	a3346c751947ea632fc3405ea46a20730ce4452067c62100fdcf6c62b30f8dd8	Gafgyt	elf gafgyt ua-wget
http://196.251.71.207/armv6l	310f1c6e525d19af148754454e5c6808371fb024ad6f52622c2c044530b4deb0	Mirai	elf mirai ua-wget
http://196.251.71.207/armv7l	a270e1c59417d8ec9a977213d3c4fb5dbd7f2507337d0bc703c2ee2e96aaafab	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

no reply from clamd

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-09-14T08:43:00Z UTC

Last seen:

2025-09-14T08:43:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/88e932b053f376300b793058cfff2dc32a31990e125f8b11750e458b8bafd1c9/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/83bafbb6-c498-4a54-a6f1-d811967c204a

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/88e932b053f376300b793058cfff2dc32a31990e125f8b11750e458b8bafd1c9/

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-09-14 11:13:36 UTC

File Type:

Text (Shell)

AV detection:

14 of 38 (36.84%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rdutfmct6n3dac3zgbmm77znymvddgiocjpywelvbzcyxc5p2heq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

defense_evasion discovery linux persistence

Link:

https://tria.ge/reports/250914-nbpcgssly3/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Enumerates running processes

Modifies init.d

Modifies rc script

Write file to user bin folder

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.75

Link:

https://yomi.yoroi.company/submissions/88e932b053f376300b793058cfff2dc32a31990e125f8b11750e458b8bafd1c9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 88e932b053f376300b793058cfff2dc32a31990e125f8b11750e458b8bafd1c9

(this sample)

Mirai

elf 68d848489d2ba487699cbeffdcd31fb39d22ccb94ab1a2c2983e9538ea551f39

URLhaus

https://urlhaus.abuse.ch/url/3623662/

Delivery method

Distributed via web download

Dropping

MD5 5d6a1314ed2b2eb48c76b2b511a11240

Dropping

SHA256 68d848489d2ba487699cbeffdcd31fb39d22ccb94ab1a2c2983e9538ea551f39

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample