MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdd2bb96e851e982f26c080a0d65ca49251a3a6eee4c3f12489c34899b6d306e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	bdd2bb96e851e982f26c080a0d65ca49251a3a6eee4c3f12489c34899b6d306e
SHA3-384 hash:	5078ce778a28fab21b7c8221fc306117fe4f0bc442556e74bc04f2ae3790ad3b4ff0bf91d4dcca44cb8f41606cd26d36
SHA1 hash:	7ecbc4b7a4fb6ec41bd604fa262fa95de27be98f
MD5 hash:	7851a2211999232df0fc25e70a3d11af
humanhash:	mockingbird-lemon-two-september
File name:	docker
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'382 bytes
First seen:	2026-01-13 01:41:17 UTC
Last seen:	2026-01-13 02:11:41 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:gYFywir3bBaKfEXYcRMTwJQlQWcRqbsisrb0SoREKTCsKxcDcgrB4iG0ai0arnaD:gYFywir3bBaKfEXYcRMTwJcRcRqblWA0
TLSH	T12B41435E0F5069831500E87AEA69E6DC0411C8F76C7FEB92ACEB06B7C1740AC753E718
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://newbinhost.giize.com:8083/SupplySrvarm	bc8e56b086d6dff8c4bbc0024306f2f368dad282fb69e01f832facedd66f52c5	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvarm6	3be70fc3e9f54f38da5acb854babcce2bea80d5a38987dabd9d60c9dde6d917c	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvarm5	n/a	n/a	elf geofenced opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvarm7	n/a	n/a	elf geofenced opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvm68k	37444aaf2a15551e182f35b0501adb44ae52705c0b385d709e822ee18ae6b286	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvmips	8751b7895a6f1b8b37e6024b7477fd5c979a351ee3d073ca415a7ded3387f786	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvmpsl	e33743491df24ba92b79656fea6b398302042a6d07bbff9bbf254243317b1f7e	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvppc	964b22f03b8c29dd5a24b8b2bd5648eaec1a750ada4e0f1a4a001e9f2dc27bb7	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvsh4	a22da1d4612d40341e19294ada8de0e399d56de4da6d2ae5bdb62d228072861b	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvspc	24b8846706503e38321a71be85d68169326030a20a8efb64bedc8145103d22ee	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvx64	16b870f6de57049a36b6a8b6c8ce5610efa69cb5b6d6495d82d549cb74bd38bb	Mirai	elf geofenced mirai opendir ua-wget USA
http://newbinhost.giize.com:8083/SupplySrvx86	dddd16cb5c5e035211360a5458544611738fc8571ced8ba4138e5e13158c9cbe	Mirai	elf geofenced mirai opendir ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

139

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive mirai

Link:

https://www.filescan.io/uploads/6965a3013827c9e1249a0b1a/reports/968377eb-ae70-4590-9193-08f10b7944fc/overview

Result

Gathering data

Verdict:

Malicious

File Type:

unix shell

Detections:

HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/bdd2bb96e851e982f26c080a0d65ca49251a3a6eee4c3f12489c34899b6d306e/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/56a1c4e2-8a60-4982-990a-6ef8b143d12c

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/bdd2bb96e851e982f26c080a0d65ca49251a3a6eee4c3f12489c34899b6d306e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bdd2bb96e851e982f26c080a0d65ca49251a3a6eee4c3f12489c34899b6d306e/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/bdd2bb96e851e982f26c080a0d65ca49251a3a6eee4c3f12489c34899b6d306e

Threat name:

Script-Shell.Worm.Mirai

Status:

Malicious

First seen:

2026-01-13 01:42:26 UTC

File Type:

Text (Shell)

AV detection:

8 of 36 (22.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xxjlxfxikhuyf4tmbafa2zokjesruoto5zgd6esitq2itg3ngbxa._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:owari antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260113-b4wk2ses9a/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Enumerates active TCP sockets

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Unexpected DNS network traffic destination

Mirai

Mirai family

Malware Config

C2 Extraction:

sophos1997.camdvr.org

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.34

Link:

https://yomi.yoroi.company/submissions/bdd2bb96e851e982f26c080a0d65ca49251a3a6eee4c3f12489c34899b6d306e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.