MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c577fa00743f9da931ae7b5d5bc5e4579eb5cdae9a45072bc77fe879fb3d4da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 8c577fa00743f9da931ae7b5d5bc5e4579eb5cdae9a45072bc77fe879fb3d4da
SHA3-384 hash: 406c0b7bf97572abec60aaa71beb87c161e6fb3dbdd7f9bc20d74a67f3189fbdc8579e10a611422164acb0a0fd4a2cbe
SHA1 hash: e959e9f73f5a2045363ae6c9f8ebfb8512ded748
MD5 hash: b5734b8e2199e84257260fdf6fc4cb6c
humanhash: india-oven-lithium-mockingbird
File name: jaws
Signature: Mirai
File size: 2'849 bytes
First seen: 2026-02-08 16:48:38 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vNSQSqS0SuSBezESLSqSlSkSqSPFUfSjSml:vNSQSqS0SuS4ESLSqSlSkSqSPFUfSjSG
TLSH: T17051A2C4B2966A30FFB25D9A75F5400470D0E195E6C7EE85D0FC76BC054EF0A94A8BA2
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
File Type: unix shell
First seen: 2026-02-08T14:03:00Z UTC
Last seen: 2026-02-09T12:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.c HEUR:Trojan-Downloader.Shell.Agent.a

Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2026-02-08 16:45:09 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:sora antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Unexpected DNS network traffic destination
Contacts a large (40344) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
