MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e532e6644d0256ffcb15e8e7721de2e8ba19b626d21c96cb3517742f63e81ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	8e532e6644d0256ffcb15e8e7721de2e8ba19b626d21c96cb3517742f63e81ed
SHA3-384 hash:	252af11fada81a9e008a2123e5f5e4161db4b25d3728c8e02a8609db010a42850abeff9802d8e2c104fa4a702637d806
SHA1 hash:	ab26e8d6d696bf2c735492dbab647d153a78cded
MD5 hash:	0c35faa1a2b70d99eb6c025c848b16bf
humanhash:	football-eight-edward-kitten
File name:	0x83911d24Fx.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'535 bytes
First seen:	2025-11-04 06:29:09 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vTkZTVBTb+XTYVT3pTM+2TVZThRTC3TNqoTyBTutTnAfj:vajqKV92THeEogwkb
TLSH	T1A951D6850552CB363CA5A4A331A6096CF28B689358E97F41FBFC78F8928CD08F15CE43
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.111.248.202/LjEZs/uYtea.x86	a28361084ffc0228b7184f615c6c8a707827b3595497239760a94b7087817ac9	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.mips	9246217e8b9ff28004360900517c94106d100a57683a13e714c35b8ae8ca8853	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.mpsl	9742f53a278f9f0536531fdeebeeef55fff806db555515b920800ad5d98d5325	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.arm	cb67e37a84ceb8267538231d89cf2ae52b1bbebe513ea472cfcdbb933e309144	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.arm5	85f244681b5b2c3f2729da52f75320b6e583e87646bf3f4bc5df3e45159bd34f	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.arm6	45a52050f45003386f56a984d64cbb79fdbe3be969a16ebfc28a3ad1a9d02d05	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.arm7	cce32047922f90084fa7c6fa16e13c795e82d250fc0a50fd9cbe85bf04f7ad8f	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.ppc	237370b7367800b8141e6caf922bbd68b323ca123987aa696cac116f8a3d12ce	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.m68k	78be901a05877eb6d3eb722ac4f57ad04c7946efbf5379d16213059385768d0e	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.sh4	a3161efe40fd333990cc481716a1c64fdbe57d4db89724b1d04b4d9f3027c177	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.spc	9f638c44c6a4b6ea87044f134a99c7f578552968695ab480d61cbcb9c6b13e91	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.arc	ac06a5732ead3b27c08fe624037c576c76bbc359a56eb45c9fb467fe5c931bd2	Mirai	mirai ua-wget
http://193.111.248.202/LjEZs/uYtea.x86_64	1fe5abeabf172ee128a8b69d730a751b2e69f3914a275066f4831c9be807acf5	Mirai	mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-04T03:37:00Z UTC

Last seen:

2025-11-04T19:48:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/8e532e6644d0256ffcb15e8e7721de2e8ba19b626d21c96cb3517742f63e81ed/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/9d608acd-2d4f-42e2-8e73-d7f9cc873bce

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/8e532e6644d0256ffcb15e8e7721de2e8ba19b626d21c96cb3517742f63e81ed

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8e532e6644d0256ffcb15e8e7721de2e8ba19b626d21c96cb3517742f63e81ed/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/8e532e6644d0256ffcb15e8e7721de2e8ba19b626d21c96cb3517742f63e81ed

Threat name:

Linux.Downloader.Morila

Status:

Malicious

First seen:

2025-11-04 06:13:44 UTC

File Type:

Text (Shell)

AV detection:

23 of 38 (60.53%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rzjs4zse2asw77frl2hhoio6f2f2dg3cnuq4s3ftkf3uf5r6qhwq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:demons antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/251104-g89alayrbn/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Creates a large amount of network flows

Enumerates active TCP sockets

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (15207) amount of remote hosts

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8e532e6644d0/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8e532e6644d0256ffcb15e8e7721de2e8ba19b626d21c96cb3517742f63e81ed

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.