MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d65f743a2aabc724f8b7a2dee95309a26338ea076083f1011137d3775febbaf8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: d65f743a2aabc724f8b7a2dee95309a26338ea076083f1011137d3775febbaf8
SHA3-384 hash: bf595b28d8939adf51ad27d6825b0eca2b65d96f9bac082475b4213f7fff9869f4dfd1c93252d537f4aa589ad47587fa
SHA1 hash: 87304dc570e41c9e27d2e3b70a823e5c1d7b39f1
MD5 hash: 79fb79d5c5132a6471e4b03ab65d7d77
humanhash: orange-carpet-orange-lactose
File name: wget.sh
Signature Mirai
File size: 960 bytes
First seen: 2026-01-10 18:32:14 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:HUfw+SUP+SU1k+SUDc+H+SUAAA+SUEA+SUuOs+SUAjC+SUAp+SUE1Z+SU+/pcKA7:rSLYl/ZZytBhJxn
TLSH T1741193AE91B56546C42C5E0870AA16549B8BC7C57EFBCF54EC5C1CB35C879007069F4F
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-10T14:34:00Z UTC
Last seen: 2026-01-12T12:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Worm.Mirai
Status: Malicious
First seen: 2026-01-10 18:32:28 UTC
File Type: Text (Shell)
AV detection: 17 of 36 (47.22%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d65f743a2aabc724f8b7a2dee95309a26338ea076083f1011137d3775febbaf8

(this sample)

  
Delivery method: Distributed via web download
