MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9db5aa647700dd9b1e154e47fccc69eac570325566dfb530516f5989a59afcf7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 9db5aa647700dd9b1e154e47fccc69eac570325566dfb530516f5989a59afcf7
SHA3-384 hash: 7a8d6ccf450252f6ced37ecbfae3d2923f8c377b139c353f1563df4cff656941068255081718eb6ca9d5a55a1cde1035
SHA1 hash: 9ee8c76c142d39464cad67aa835135c54f4ae78c
MD5 hash: d40682b635b67c7ddf03d49739010e52
humanhash: sweet-pluto-video-ten
File name: run.sh
Signature: Mirai
File size: 1'607 bytes
First seen: 2026-06-12 03:03:32 UTC
Last seen: 2026-06-12 10:29:16 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:hd8ABI7oI7vNIB9cJEGcJE3EuJERElUPc9cG45kxZAgddc4O9t:EhXbiB9cJzcJ8xJSBPYcG45kYgY4O9t
TLSH: T1B531A4CB1A500F71C30E875DFBB06569900A52F6FAD30BDE998708AD5D49BCCBA45F90
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 76
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Verdict: Malicious
File Type: text
First seen: 2026-06-12T00:12:00Z UTC
Last seen: 2026-06-14T01:01:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.bc HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Trojan.Multiverze
Status: Malicious
First seen: 2026-06-12 03:04:33 UTC
File Type: Text (Shell)
AV detection: 12 of 23 (52.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
