MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 898b365a05e1e49e4d8b49341e567f714b8cb7b45296edc6bf56761802045a29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 10



SHA256 hash: 898b365a05e1e49e4d8b49341e567f714b8cb7b45296edc6bf56761802045a29
SHA3-384 hash: 8e8f6b271cb34165ee1d7520d427aab07a998b330fc67e7760b9fdc8286eacea6d69d9c0aaace7f2f31ad13bb4eb4705
SHA1 hash: b653c42770e2a58011b396d9b39294019b05949f
MD5 hash: 59528d196f3abeadb7c4b44574d7bb7d
humanhash: virginia-yellow-comet-west
File name: jaws
Signature: Mirai
File size: 1'994 bytes
First seen: 2026-01-15 12:09:48 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vd1WNd+jwNdCOCRNdk0NdB0Ndo8NddkNdmwZNdsr7sNdnXKNdNvOTa:vsNIHyvSBDNeuG
TLSH: T1D941C9C921554B317CED58D7BFFB484A34D0A59B9EC16E1959E834E9448CF083F88A93
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-15T09:17:00Z UTC
Last seen: 2026-01-15T12:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2026-01-15 12:04:20 UTC
File Type: Text (Shell)
AV detection: 21 of 36 (58.33%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:hajimari antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (389428) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 898b365a05e1e49e4d8b49341e567f714b8cb7b45296edc6bf56761802045a29

(this sample)

  
Delivery method
Distributed via web download
