MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93ce0897b2a17d8cde4bc4e7e8003967df60fb9e848857a13feef5f0cc16e4f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 93ce0897b2a17d8cde4bc4e7e8003967df60fb9e848857a13feef5f0cc16e4f9
SHA3-384 hash: 693067df719047b47b4ddd6dce2ba7954175e1d4ea86b9bac2d495abc32e0424d647a254901989418ddf2e6440b8814e
SHA1 hash: 335464d3f5b1cc43cc5d9105cf0d4078f958be28
MD5 hash: 4c22bcce92cd15f261cd5ba40bb2dadf
humanhash: cardinal-ack-cardinal-beer
File name: t
Signature: Mirai
File size: 361 bytes
First seen: 2025-12-17 17:28:54 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:h9OnFflE0Fu+yQU+KAjDyzHuyzfyua/iKHEIDEivpv:d0FAAj2zzz6ua/5hd
TLSH: T12CE092D53466007BA854CE51E0A4474EE472F88551C02EB5D89E383B283FC0C71F4639
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

URL: http://kpq.at/d
Malware sample (SHA256 hash): 37e4ca47f5eac81a493c2ef21f7ac8337835ce0d7f503a2a81d32cec3115a32d
Signature: Mirai
Tags: elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-17T18:51:00Z UTC
Last seen: 2025-12-17T19:39:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
pid=2728 /usr/bin/sudo
  execve -> pid=2734 /tmp/sample.bin
    execve -> pid=2735 /usr/bin/wget (dns, net, send-data, write-file)
      send: 48B -> 10.0.2.3:53
      send: 122B -> kpq.at:80
    execve -> pid=2756 /usr/bin/wget (dns, net, send-data, write-file)
      send: 48B -> 10.0.2.3:53
      send: 122B -> kpq.at:80
    execve -> pid=2767 /usr/bin/chmod
    clone -> pid=2769 /usr/bin/dash
    clone -> pid=2775 /usr/bin/dash
    execve -> pid=2779 /usr/bin/rm (delete-file)
Threat name: Script-Shell.Downloader.MiraiB
Status: Malicious
First seen: 2025-12-17 18:12:45 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 93ce0897b2a17d8cde4bc4e7e8003967df60fb9e848857a13feef5f0cc16e4f9 (this sample)

Delivery method
Distributed via web download
