MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a86601cadb8539d5ed449264f592517ec8fe7d0bf860265a5a68a4ccc4c19223. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	a86601cadb8539d5ed449264f592517ec8fe7d0bf860265a5a68a4ccc4c19223
SHA3-384 hash:	a062038bc44c032e4a1c6bf8173adeb932365a6ced10a38049d32f61bfe1f815e1ae9b4998121ed1ada09696611fda33
SHA1 hash:	f9b2b83c12d5d045be9d1c9f07449b3181627897
MD5 hash:	70c84837ac7aabec895f7929275d09e0
humanhash:	quiet-blossom-one-video
File name:	zeros6x.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'910 bytes
First seen:	2025-04-23 17:45:20 UTC
Last seen:	2025-04-24 03:46:47 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:v2K1KN2KEKSG2KLDKLp2KBKF2KyK52K9Kd2KEKp2KYKr2KPK92K8Kg:v2sU2DdG2kk2UU2N42C02TY2hG2AE21R
TLSH	T10041EDCA50519FB03FFB9C27A2B6464672D2A2C510D35F8572DEFCE4448DD64F884AC2
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://194.110.247.90/fullosc_x86	f52346fd61791ca4186ed6b5ae7325af69cc4d9da949559d830410607d4e6282	Mirai	elf mirai
http://194.110.247.90/fullosc_mips	974736d5ff0ec5801a4d286e36c1fa39f346f98e1c2f6eceba6be4c0914259fe	Mirai	elf mirai
http://194.110.247.90/fullosc_mpsl	939b262c2619af514e846ab983d099b2b0a9a5f56d502410fce101cf3083dff4	Mirai	elf mirai
http://194.110.247.90/fullosc_arm	0e5f6a92e4f4d7e3fb2a64139de5da4c3c943e8ba231446c73ad5d95cfe48695	Mirai	elf mirai
http://194.110.247.90/fullosc_arm5	0716509d74f7914306ab4c60e778d75a3c98acd9a710fcc4333fec9a3d8afcf1	Mirai	elf mirai
http://194.110.247.90/fullosc_arm6	cc58bb17a131428c5802cd9b695f70731a1e5393a251a53e75a7392227d7c348	Mirai	elf mirai
http://194.110.247.90/fullosc_arm7	1d52fb249e38c275507e3d3ddae076176dd1fd4544ba2246f87846741a11d5a6	Mirai	elf mirai
http://194.110.247.90/fullosc_ppc	41efd9c9a4516d3332b1ca6454e70a890b70f61768d8d777639cf3239948599a	Mirai	elf mirai
http://194.110.247.90/fullosc_m68k	f01afacb5219bc0c4888bf1d888a92765d3747a0682f36b86a45c960ebf37cc4	Mirai	elf mirai
http://194.110.247.90/fullosc_sh4	87a5b26aa52028507dcd870547f580ee69cff9fb35fd2eb8f081ff34a46e51d1	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=680928da3d067f8483987b34linux22vpnfull_triage

Tags:

shellcode agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

bash lolbin mirai remote

Link:

https://www.filescan.io/uploads/68092738218c4a98adde1730/reports/ff39cf5c-2b05-496d-addc-7bb188c2d47b/overview

Result

Verdict:

MALICIOUS

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/a86601cadb8539d5ed449264f592517ec8fe7d0bf860265a5a68a4ccc4c19223

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a86601cadb8539d5ed449264f592517ec8fe7d0bf860265a5a68a4ccc4c19223/

Threat name:

Linux.Downloader.Morila

Status:

Malicious

First seen:

2025-04-23 08:35:50 UTC

File Type:

Text (Shell)

AV detection:

23 of 38 (60.53%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vbtadsw3qu45l3kesjsplesrp3ep47il7bqcmws2ncsmzrgbsirq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/250423-wbx9dsvtbw/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Traces itself

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Mirai

Mirai family

Malware Config

C2 Extraction:

lorda.hopto.org

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/a86601cadb8539d5ed449264f592517ec8fe7d0bf860265a5a68a4ccc4c19223

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a86601cadb8539d5ed449264f592517ec8fe7d0bf860265a5a68a4ccc4c19223

(this sample)

Mirai

elf ea4dfcdcd3ee9177df73dea9cd2de62d68d12bbe8dac4c4566862db698d3813a

URLhaus

https://urlhaus.abuse.ch/url/3522964/

Delivery method

Distributed via web download

Dropping

MD5 3bc2cc61f8c5307c7eb9f9f8d59c4731

Dropping

SHA256 ea4dfcdcd3ee9177df73dea9cd2de62d68d12bbe8dac4c4566862db698d3813a

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample