MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa8a036587a0a49ff216636474394dc61d4d5305d2fed7265d991e19b00c34b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

SHA256 hash: aa8a036587a0a49ff216636474394dc61d4d5305d2fed7265d991e19b00c34b1
SHA3-384 hash: 90f7fa40c7e044e55dc5b7d9eac19cca36e1da17b332ef841c9726501d18b1b22b502977a082585cb125690dbf128aa5
SHA1 hash: 07cdd6a9120cd7893cf01488d7527dd76ee61fc4
MD5 hash: 3f49ff3958084c64a8e249995bb3a68c
humanhash: harry-charlie-tennessee-wyoming
File name: tplink.sh
Download: download sample
Signature: Mirai
File size: 906 bytes
First seen: 2025-12-07 23:39:12 UTC
Last seen: 2025-12-08 23:26:10 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:wYNDAG6fj9ZNgArljzeGzebA2eR8/SjwX5AKzlKfjrZbNI1AKz3jaI6A6K4qfjtA:UNRPF5HLz2Q8/S1AMf/hNIKA3h6K4y/O
TLSH: T197110DDBC10023EE60E1DD887C90CF05B51A66E1E891BBDDF6490C3A51B6B1E7805AAB
Magika: javascript
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://78.142.18.92/bins/jew.mips | 51bda3f047b2f361c205f4f96a604473c27098efb8b37ce3670a17fec22c7b76 | Mirai | mirai opendir
http://78.142.18.92/bins/jew.mpsl | 76c445c10d478c7a0212dd3e7199ad411eea4d856b2dbb252f9f945556984f0d | Mirai | mirai opendir
http://78.142.18.92/bins/jew.arm4 | n/a | n/a | mirai opendir
http://78.142.18.92/bins/jew.arm5 | e5312511362dc1c7cd197ec556e40f5b7a584a6f334c613bf1b7144617880a60 | Mirai | mirai opendir
http://78.142.18.92/bins/jew.arm6 | 79f04fc8cbf92b1bef54e571d4889adec1a77970095c0a25a5a63f7acd443d5e | Mirai | mirai opendir
http://78.142.18.92/bins/jew.arm7 | 378ad2196c0f3b2331190b5eda4463333327f20139a82fd6b1e794b5671c3711 | Mirai | mirai opendir
http://78.142.18.92/bins/jew.x86 | a539e2354a9aa70d1052f5e814904a332625b06954becb94db7e110573f7754b | Mirai | mirai opendir

Intelligence

File Origin
# of uploads: 2
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-08T00:50:00Z UTC
Last seen: 2025-12-08T00:55:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (the rendered graph does not survive extraction; the process tree and network edges it recorded are summarized below):
  /usr/bin/sudo (pid 1091) -> execve -> /tmp/sample.bin (pid 1092)
  /tmp/sample.bin repeatedly spawns, in sequence, /usr/bin/wget (net, send-data, write-file), /usr/bin/busybox (net, send-data), /usr/bin/chmod (execve) and /usr/bin/dash (clone); each wget sends 140 B (last one 139 B) and each busybox sends 88 B (last one 87 B) to 78.142.18.92:80
  /tmp/sample.bin -> execve -> /home/sandbox/jew.x86 (pid 1124, net); jew.x86 clones pids 1125 and 1126 (net, send-data, zombie), and pid 1126 clones pids 1127 and 1128 (net, net-scan, send-data)
  jew.x86 processes connect to 8.8.8.8:53 (DNS); pid 1126 sends 18 B to 78.142.18.92:9931; pid 1128 sends 40 B each to 120.119.34.54:23 and 199.47.104.201:23 and send-data to 4097 IP addresses ("review logs to see them all")
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-07 23:39:18 UTC
File Type: Text (Shell)
AV detection: 7 of 36 (19.44%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | sh aa8a036587a0a49ff216636474394dc61d4d5305d2fed7265d991e19b00c34b1 (this sample)

Delivery method: Distributed via web download

Comments