MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c586b34636d436e99d319b8de9c6c44bb187b13c0b88d8472b7cb2cfcefff0dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA 2 File information Comments

SHA256 hash:	c586b34636d436e99d319b8de9c6c44bb187b13c0b88d8472b7cb2cfcefff0dd
SHA3-384 hash:	7af1a42cfd10e1533a99fc0b55b7422c5fa9d7ccaded8f5b8168710ed57ebe67a590b2236c46489cd8db2b6384bffe53
SHA1 hash:	0015d78ceac08617af7977b07fed072ad155cda8
MD5 hash:	6c6ef370af412611d8974eb40874d7f8
humanhash:	minnesota-bravo-oregon-early
File name:	newreaxe.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'183 bytes
First seen:	2026-02-21 14:17:48 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:i+/RKQYaY+ukO4VYhAuGCLmJmxuUqTRTo36jpX:iSYaYUQGCLkmxmdo3gF
TLSH	T1B661B8F693D246305EE55633A378AD04BD89E1E3B0862E209CEB25FEF84CE047005E97
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.x86	9d4303eab069f7f9052f482f94a2cf36d007bc8273348f007e2fb31659fcc255	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.mips	f037b103394bc2621207bfc87a644c2d3921db5f0bc8830e22758038b9af6296	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.arc	31e871bf22741430a6da836e773480da675d3094e573cc0776645ba206578293	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.i686	e77b92e6a48b0db91fa71a25942b9944cd9e954413c87ef00b65a4e48e4d0757	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.x86_64	eade00d4707df8586ecdf50ef9860931f8200fa8067f5b2ac03a6cc317a42c59	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.mpsl	d91b528a22124afd79cdc73a5ed158f43b6c07bf90fa854aab581ce151abfec6	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.arm	4b7d3b3cb2b1399e9f86a5e84691c33d3a4f806a65eec0c2e113cce4a9324182	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.arm5	c83eeb7ecd43733b6531c7c91ae8fbc7e964b33542a0187461006a039b869daf	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.arm6	a60936c68f3e00253a0befa778d9517e15e8c8352f728c22b4a64378c6bca8a5	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.arm7	232faafe013b8a3895383311e3668777bff983272d144a63843b4cffa261c911	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.ppc	61ea6093dea9f115fc84463f00f4466a9904156cad729b88701a8d89a8866383	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.spc	2f94a82d6fa107ca045c7f6bc371d42d4900c4e2548502c23c47b490a8784aa1	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.m68k	c73c4346f62573bc8eea16c12e3b3dd57d7f5d08d9f61bea278c08fe819709fa	Mirai	elf mirai ua-wget
http://192.3.154.52/x7k2m9v8b/m9x7k2v8b3.sh4	78f538eb0cfe15a3e91abf300dc80724a15025d4466b1a70c17bfdb3d0d985e4	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Result

Gathering data

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/240c45b0-d9fe-4c2c-a0ca-cd6056d95e8f

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/c586b34636d436e99d319b8de9c6c44bb187b13c0b88d8472b7cb2cfcefff0dd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c586b34636d436e99d319b8de9c6c44bb187b13c0b88d8472b7cb2cfcefff0dd/

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ywdlgrrw2q3othjrtog6trwejoyypmj4boenqrzlpszm7tx76doq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260221-rmcdvafv9e/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/c586b34636d4/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Linux_Shellscript_Downloader Create hunting rule
Author:	albertzsigovits
Description:	Generic Approach to Shellscript downloaders

Rule name:	MAL_Linux_IoT_MultiArch_BotnetLoader_Generic Create hunting rule
Author:	Anish Bogati
Description:	Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:	MalwareBazaar sample lilin.sh