MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9060d2a62dcaef79175104bbefedb3f088555cfbc7007fa3deecf4877e22d350. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 9060d2a62dcaef79175104bbefedb3f088555cfbc7007fa3deecf4877e22d350
SHA3-384 hash: 935f92ec234fc942d4466d7b39e77d9685ef7d1656ef7f020563522fd7b22662d6584b63030a0ffb85b189653008b4c7
SHA1 hash: b56391a4268fe78073ec51133d0f81f246e3c3a4
MD5 hash: b028e431258e60d0dbabb3db23be634f
humanhash: william-red-idaho-north
File name: w.sh
Signature: Mirai
File size: 916 bytes
First seen: 2026-01-07 20:33:31 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3qjUhUgNI1FAUpiKTUeiFqUutonUGnUlhU0xGJv0jUDAUEXAUA:6gSgNIFAKw9UGUlS3jpqHA
TLSH: T10F11BEDF01B8E321495CCE40705ADA2CB9458ED161E0CEC8988D9AB5B9DED257359F8C
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai

Verdict: Malicious
File Type: ps1
First seen: 2026-01-07T17:46:00Z UTC
Last seen: 2026-01-07T18:22:00Z UTC
Hits: ~10
Detections: UDS:DangerousObject.Multi.Generic
Status: terminated

Behavior Graph:
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2026-01-07 20:34:15 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai, sh, 9060d2a62dcaef79175104bbefedb3f088555cfbc7007fa3deecf4877e22d350 (this sample)

Delivery method: Distributed via web download
