MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a783398eb2fe604497930c6f4f5b7ce7de73ba9e68616f1282a064ed8d863571. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	a783398eb2fe604497930c6f4f5b7ce7de73ba9e68616f1282a064ed8d863571
SHA3-384 hash:	42d82a25e2d1986c345c5fc5d1c267de463a06fa8362eece9e7ac8b689610c0de7e7594c4b66db8bd4e485536b6efdec
SHA1 hash:	914663fabc476a45eadbc13eeaa4231dbabb09bc
MD5 hash:	b6c14c2821bea02b0603ec8b8a8c5d63
humanhash:	xray-uranus-yellow-two
File name:	lol.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	5'634 bytes
First seen:	2025-11-27 10:48:05 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:Iv6r7U6rb6rSH6rJJ6rR8U6rcw6r4Tvr6rVm6rMCZ6rV828NIuHkU6rb8K6wCU6b:rx87IRUc54TE5TG8sqPOzZL2vdYGsM
TLSH	T1E7C1399920014B33DE5CDE52EA5A8C4F728761809A9AFF09F9FE55A6C54DE0C3201FED
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://143.20.185.245/windyluvexecutor/executor.x86	0062e163eb52df01884e167525853ba2863f5e97cd4760ddf4e4d3b1c92bf0dc	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.mips	001a48b245f236fae410254d66aa0d36593571aab7110abfb325f2a60a65ecd0	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.arc	8e6a0d59349add127f1f9ba6a775e8fa906e342e93399040e880b9db0ccd3193	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.i468	n/a	n/a	elf ua-wget
http://143.20.185.245/windyluvexecutor/executor.i686	871e023ad6cccbc7ca96ac0809d84f27dc7aa8da0887860154e3ae0abedafe4c	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.x86_64	76a9b2464617325066ceaefbf896e0ff2d7059b4f3a7260e4258421a70ef43df	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.mpsl	3297c330348c04db005ffd296a5c7eac1f393059d49c1b96d3871231def4a09d	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.arm	4f58e8af8f23cb9cf4e646d1d7c4197a3d52863938289c52b053f9a2d1109cdd	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.arm5	a8adf65ea705ac71a530e817f7aecffc8ed06c110e442b5a4e290d7c531110c0	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.arm6	a7275bf4817d6891df025dbd78c096d616ffe9ae9d8798c6ed7975ecd3ed8c80	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.arm7	fb5f1f75df7b54ba34dca815a08ecfa9068b42e8ef7b96526a0ee83fdb3bce2c	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.ppc	50c28932d4519f101c14d6fd24b62f4e2c3bedea86d397eac92adf2a6d6e14df	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.spc	n/a	n/a	elf ua-wget
http://143.20.185.245/windyluvexecutor/executor.m68k	91f1ef333e0672e786bd01aa96ea81af1746633cad05230501922d33f202bc9e	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.sh4	b9ffa90c19a9fceb8b265a5a8446a973bb1f8ac7caa4bb48aff667649fab7775	Mirai	elf mirai ua-wget
http://143.20.185.245/windyluvexecutor/executor.arm64	74c97bb88b737c7d720ceb976c8a6a19c2b4b724f995e5cdae46e371cd07952f	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Gathering data

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-27T06:14:00Z UTC

Last seen:

2025-11-27T07:00:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/a783398eb2fe604497930c6f4f5b7ce7de73ba9e68616f1282a064ed8d863571/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/1820b54c-1424-4e96-849e-732138e8a276

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/a783398eb2fe604497930c6f4f5b7ce7de73ba9e68616f1282a064ed8d863571

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a783398eb2fe604497930c6f4f5b7ce7de73ba9e68616f1282a064ed8d863571/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-11-27 10:48:13 UTC

File Type:

Text (Shell)

AV detection:

10 of 36 (27.78%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=u6bttdvs7zqejf4tbrxu6w3447phhou6nbqw6eucubso3dmggvyq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm defense_evasion discovery linux

Link:

https://tria.ge/reports/251127-mv59nsylel/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

File and Directory Permissions Modification

Executes dropped EXE

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/a783398eb2fe/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a783398eb2fe604497930c6f4f5b7ce7de73ba9e68616f1282a064ed8d863571

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.