MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c60319a68d01488933ca85e893fe73ecb20d79c29c4478dd6a8dbc2a84d92aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 8c60319a68d01488933ca85e893fe73ecb20d79c29c4478dd6a8dbc2a84d92aa
SHA3-384 hash: b672430519a22b3014d4b53800acb3a1000f9cecf610321a5518978c497878bebfb5bb170959a330ee9e09a6480121fa
SHA1 hash: 810dc4c5bc4088a03b2014dade1c8c3d4ee1a040
MD5 hash: 51a4f33d835483de3b005cee25fc456a
humanhash: india-early-may-robert
File name: tplink
Signature: Mirai
File size: 318 bytes
First seen: 2026-06-01 03:13:40 UTC
Last seen: 2026-06-01 14:53:45 UTC
File type: sh
MIME type: text/plain
ssdeep: 6:L6FnGj5AANaa6yPJV6F45AAPoJKPJV6FTWX5AAvbTnPJV6FLX5AA6KlKO:KGj5AANf5hN5AAsKhau5AAjTnheX5AAr
TLSH: T1B2E04FEA6809225240A8ED84F077C959F03FF3D63510864CBC9E30A988D8E28F119B8E
Magika: html
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://31.56.209.220/arm7 | 5c501efadac0000afee68f6e6b8c362f20d66734f036ab26ea23ade50fd7cf3a | Mirai | arm elf mirai ua-wget
http://31.56.209.220/arm5 | 07bcfe93ba826112d94e11ed81e99e79019187b4cef043806f98fbcb4db4aa2a | Mirai | arm elf mirai ua-wget
http://31.56.209.220/mips | 3cf13f6915e916344708b364af4458befb09731bd920a637a3adfec34b6ea219 | Mirai | elf mips mirai ua-wget
http://31.56.209.220/mpsl | 1bd61f2b5fec4f77c5a12ac5f3ba81b5396a3fabd886c3599e06b00569ad8078 | Mirai | elf mips mirai ua-wget

Intelligence


File Origin
# of uploads: 78
# of downloads: 10
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: text
First seen: 2026-06-01T11:37:00Z UTC
Last seen: 2026-06-01T17:34:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: [figure not reproduced]
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-06-01 04:15:59 UTC
File Type: Text (Shell)
AV detection: 5 of 36 (13.89%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8c60319a68d01488933ca85e893fe73ecb20d79c29c4478dd6a8dbc2a84d92aa (this sample)

Delivery method: Distributed via web download
