MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0a5560a5bc5d0bc6cbc1aadb14b10123ce39bb7d06a18d05ac4947e1c216710. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: b0a5560a5bc5d0bc6cbc1aadb14b10123ce39bb7d06a18d05ac4947e1c216710
SHA3-384 hash: 3555f8185d8d3dab37fc549801a3b9e78c8ac76d9b852ff2a5dc70e576eb7f33a97746e4fd4b04f1e07dabb702ad7b12
SHA1 hash: 1358717b6f27627c1f22b64d445fddde901608a1
MD5 hash: 7455370fbe05752870807dd0d7ae6ad7
humanhash: robin-november-maine-emma
File name: 1.sh
Signature: Mirai
File size: 6'419 bytes
First seen: 2025-09-14 12:23:23 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 192:dQ3mBudOBqxSp83o5C12VLk7snfgnATYPOZGYPOZGXofI7+NwDcFGpiJ7Ur8XqxQ:dQ3mBudOBqxSp83o5C12VLk7snfgnATM
TLSH: T198D16FF2B5C652BDDD8FCC3A515129BD2085FA8B2B8B8D6887AD20657C89FCC5C448C3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
File Type: unix shell
First seen: 2025-09-14T09:39:00Z UTC
Last seen: 2025-09-14T09:39:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-09-14 12:50:23 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
Deletes log files
Enumerates running processes
File and Directory Permissions Modification
Deletes Audit logs
Deletes journal logs
Deletes system logs
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction: allahmisin.musallat.xyz
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
