MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ecff67913822cba865d3f69777425e16c8eee250e13cc88fd2c21add4d785d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 8ecff67913822cba865d3f69777425e16c8eee250e13cc88fd2c21add4d785d0
SHA3-384 hash: 7d2c98acdef4a270aa9ee638e44bb0643c1399e220cc4bcbad05902d9f80fb2cdea9073451abc0001b6f1e81f47c5138
SHA1 hash: 62436518e1e3437322e2d8aa556f83c0cd2aaa74
MD5 hash: 81951bd4758d495ca424ac721e97b184
humanhash: sixteen-florida-kentucky-asparagus
File name: nullnet_bash.sh
Signature: Mirai
File size: 3'795 bytes
First seen: 2026-03-03 12:47:31 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:v4BB4IX4vl41B4GTn45h40j4o54zN4sB43t4GkGO4ez4GD4kk:UW
TLSH: T1B37182D42370C3377CA2463614B95ED863C5AEE791D58EE0B0BA3F61C88DE4C2E947A1
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: medusa mirai
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-03-01 12:11:31 UTC
File Type: Text (Shell)
AV detection: 22 of 36 (61.11%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:ecchi antivm botnet credential_access defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
UPX packed file
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (28806) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction: 83.142.209.47
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download
