MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bb490ab60ac11b74e0b3d485d25c4d8c37ff65eab29fb29f6bd7d0255fa2573. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 9bb490ab60ac11b74e0b3d485d25c4d8c37ff65eab29fb29f6bd7d0255fa2573
SHA3-384 hash: f7bb36fab8bb466e143b3eac62879bdcd756496b2b06fa6c410f41067aa4001fe6cc92d2f77f7abb68a2efd5f096547a
SHA1 hash: e7a5768a15fcbf41891a89e5c35c8dcd2ba6ed69
MD5 hash: 631ea35a4d5d4d6d12316571e26c12b9
humanhash: low-glucose-fillet-sodium
File name: s.sh
Signature: Mirai
File size: 1'200 bytes
First seen: 2026-02-21 06:12:40 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:wlzBI8KNlaGwatuc0WZ8st4htDQIhVU8NI786uu7NC2l:2Ft3isQ0EsM
TLSH: T1AC2136CD916190D305489EB8F87345A4B04C9EF4FCA0AF24A44DDD295C9B749B058A97
Magika: asm
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Result
Gathering data
Status: terminated
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2026-02-20 20:10:34 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 9bb490ab60ac11b74e0b3d485d25c4d8c37ff65eab29fb29f6bd7d0255fa2573 (this sample)

Delivery method: Distributed via web download
