MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 994d9f115e5d5752c002cccc8a8cc6a53f46ce4c293a545689085d9fae61d36d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 994d9f115e5d5752c002cccc8a8cc6a53f46ce4c293a545689085d9fae61d36d
SHA3-384 hash: fb6d50e1cf9b12b4e7d1ce332e411fd2b1881513756255d982ae67c392388510418322ab1e54c958531938e4c3fb6bd8
SHA1 hash: 0adf3899258aadd5cd97fa73e7c24ef22be382ec
MD5 hash: 08a1499f5a3136b3715d9b5c12d7cf74
humanhash: helium-oregon-vegan-delta
File name: wget.sh
Signature: Mirai
File size: 3'216 bytes
First seen: 2025-12-13 22:53:41 UTC
Last seen: 2025-12-14 23:20:19 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:fiXBb0Bym8V9p8J0fmUXMiXOCfKIil/c/L:fiX9003LnXJ9
TLSH: T1036197F5B431637036C88D3CB11958986AEBD9B9B0782715B9D66C73C0DC9193229F3E
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 49
Origin country: DE

Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-13T21:08:00Z UTC
Last seen: 2025-12-14T12:08:00Z UTC
Hits: ~10
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-12-13 22:54:21 UTC
File Type: Text (Shell)
AV detection: 14 of 38 (36.84%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
UPX packed file
File and Directory Permissions Modification
Executes dropped EXE
Traces itself
Mirai
Mirai family
Malware Config
C2 Extraction: ahahahahahajs.unproxy.st
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 994d9f115e5d5752c002cccc8a8cc6a53f46ce4c293a545689085d9fae61d36d

(this sample)
