MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d586e9eb58b9962474ac2e2b5648f8c30b823ce73e1847e5d737048773cd2846. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: d586e9eb58b9962474ac2e2b5648f8c30b823ce73e1847e5d737048773cd2846
SHA3-384 hash: 4eb45d11ade201fcc6a4fd4975d81c1b339b1d361483a131232870104109ba6862df57bfcf7b0750f5468d4a6c8f0c94
SHA1 hash: 1d7b53e3fa98d6b53af1bbfbdb57c2be498ba2ca
MD5 hash: e2d9b861d442c25b78374e64bf05f20a
humanhash: alanine-wisconsin-summer-princess
File name: run.sh
Signature: Mirai
File size: 2'881 bytes
First seen: 2026-02-23 10:28:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:6tA9O92JMY6C6biBcWLWuZUZEdZEnE2EhEvh4tzLzbwPYQawsCsJUfcX04O4hM3G:b82JMPxbiBHyuZmmcvyfnbwWnhM3G
TLSH: T14351849F13008F31A74C85AD7BF0B1385546A4935BEB8B18EE90885E0EC6E4C37CDE60
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: DE
Vendor Threat Intelligence

No detections

Result
Gathering data

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2026-02-23 10:29:22 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d586e9eb58b9962474ac2e2b5648f8c30b823ce73e1847e5d737048773cd2846 (this sample)

Delivery method: Distributed via web download
