MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89
SHA3-384 hash: 1339c602dfdc6e5cda415c04df86a363ee8931848ecf4ccd93c8a11df83844fe6116f8310c40b7172283749943e2356d
SHA1 hash: f606c21bd9d5425d30877388df78bb3e067c6d1e
MD5 hash: 0b5ea23a14a63d69825f3bd89559cfa9
humanhash: neptune-texas-stream-shade
File name:bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89
Download: download sample
Signature Mirai
Create hunting rule
File size:710 bytes
First seen:2026-06-04 09:16:13 UTC
Last seen:2026-06-06 06:34:31 UTC
File type: sh
MIME type:text/plain
ssdeep 12:8SAANfL7AANfuM1LKVedAAr7AAOR9ZJAAh7AAwU2I5YGbAAU7AAhyxqaFAA87AAE:yrSKQKNJ9ZWzk5eySkNIc
TLSH T1E10184EA96298236805ADD41E6B35E89B07B77E721E0861CFC8734D804D458EB71DACB
Magika batch
Reporter c2hunter
Tags:mirai sh wraith
URLMalware sample (SHA256 hash)SignatureTags
http://31.56.209.220/arm75c501efadac0000afee68f6e6b8c362f20d66734f036ab26ea23ade50fd7cf3a Miraiarm elf mirai ua-wget
http://31.56.209.220/arm507bcfe93ba826112d94e11ed81e99e79019187b4cef043806f98fbcb4db4aa2a Miraiarm elf mirai ua-wget
http://31.56.209.220/mips3cf13f6915e916344708b364af4458befb09731bd920a637a3adfec34b6ea219 Miraielf mips mirai ua-wget
http://31.56.209.220/mpsl1bd61f2b5fec4f77c5a12ac5f3ba81b5396a3fabd886c3599e06b00569ad8078 Miraielf mips mirai ua-wget
http://31.56.209.220/x86352698d6103fcbc04f406c30d1c6dc5fef12c57232299d472aba17f59dff2438 Miraimirai

Intelligence

File Origin
# of uploads :
7
# of downloads :
44
Origin country :
US US
Vendor Threat Intelligence
No detections
Verdict:
Malicious
File Type:
text
First seen:
2026-06-04T06:27:00Z UTC
Last seen:
2026-06-06T05:49:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89
Threat name:
Win32.Trojan.Kepavll
Create hunting rule
Status:
Malicious
First seen:
2026-06-04 09:20:38 UTC
File Type:
Text (Shell)
AV detection:
13 of 38 (34.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xp3j2b2dvxbweojoqlrafsasol6jhtxe3p4s7hmgbtwp5zo35oeq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260604-la1m1scy3k/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh bbf69d0743adc362392e82e202c81272fc93cee4dbf92f9d860cecfee5dbeb89

(this sample)

Mirai

elf 5c501efadac0000afee68f6e6b8c362f20d66734f036ab26ea23ade50fd7cf3a

  
Link
http://31.56.209.220/telnet.sh
  
Dropping
MD5 db326f41279c5fd0863ef8375875b2bd
  
Dropping
SHA256 5c501efadac0000afee68f6e6b8c362f20d66734f036ab26ea23ade50fd7cf3a
  
URLhaus
https://urlhaus.abuse.ch/url/3858056/
  
Delivery method
Distributed via web download

Comments