MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90832ad3f8a90b71a4d37f1740bd0f7497adbe9888ce18b026f9cdda54c94ed6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 90832ad3f8a90b71a4d37f1740bd0f7497adbe9888ce18b026f9cdda54c94ed6
SHA3-384 hash: 2bed0f0876070798ade58966e021f8e8f48b2225a2f996424578882d7177e052309f311dcbf68b17c22250d42db6421f
SHA1 hash: dc32baed55bcb26c6597a0db7ba3cb628a2c7475
MD5 hash: 229feb789ec7eb0d2eee6383c54445f2
humanhash: september-network-west-sodium
File name: wget.sh
Signature: Mirai
File size: 588 bytes
First seen: 2026-01-11 02:30:34 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:TJ+d9Fvh2i2Iu3Pi3/3O2mb3olioeLW3qfH8qeFa0LKieY:TJ+zFZ2i9iPi3vObokoeLKKcC0LKVY
TLSH: T154F0D1EF71545B72568CDD8161F2980DA889BAD226E40F6C6FD944A788E0B40FB8CF20
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.126/mips | 26e1c7ac50319b3bacf336cbaaec770caac9bc9ceb6b9b87fceca53ecef664ff | Mirai | 32-bit elf mirai ua-wget
http://130.12.180.126/mpsl | 50825416445643e9f0395618392e964f6668bd7090cce27dc5e61421b12523b5 | Mirai | elf gafgyt mirai ua-wget
http://130.12.180.126/arm4 | b3a8a0f242041630931fbe99484290b342866b3c98e658fe83961d0f4219e91d | Mirai | elf mirai ua-wget
http://130.12.180.126/arm5 | fe9e87095153191ba77fd7eed720b0b1ac1ebd39176c9b9926b2af899b585075 | Mirai | elf mirai ua-wget
http://130.12.180.126/arm7 | 80ee20cbbb9ae55730cbc841c0581642f9245b27627ae2a61f6827803d304b8e | Mirai | arm elf geofenced mirai ua-wget USA

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash busybox expand lolbin mirai
Verdict: Malicious
File Type: text
First seen: 2026-01-10T23:49:00Z UTC
Last seen: 2026-01-11T00:08:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-01-11 03:10:09 UTC
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 90832ad3f8a90b71a4d37f1740bd0f7497adbe9888ce18b026f9cdda54c94ed6

(this sample)

  
Delivery method
Distributed via web download
