MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da0b78689b010486cfbc2ced5b764da72f2c7625516861be297a0c97094aeb63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	da0b78689b010486cfbc2ced5b764da72f2c7625516861be297a0c97094aeb63
SHA3-384 hash:	9ded77beb708b727d88d8b7627a2664fe9bd519503ba3fa969d9864c28dab2db424ff5cd13ec9c05ea73a3da7791d769
SHA1 hash:	82a8fa43107a2e7a991ab2dd7f9b4f9061985d7f
MD5 hash:	6d49bc47ac2d0ee0ea2e40eef067bc2b
humanhash:	tango-lake-queen-alaska
File name:	k
Download:	download sample
Signature	Mirai Create hunting rule
File size:	82 bytes
First seen:	2025-11-26 17:49:29 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	3:1MT8q6MfXs5KzSIOUW:1SqisLp
TLSH	T177A012992383857386018E45A02304444030D1C40252D104B41900A805703103014983
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.156.87.25:32843/shaiiiii/arm5	3f474f5bfe5f214df47eb36d16773367f103f88bbbb2010ec19a03e7ba51dcb2	Mirai	arm elf geofenced mirai ua-wget USA

Intelligence

File Origin

# of uploads :

1

# of downloads :

30

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Suspicious

Labled as:

TrojanDownloader/Linux.Agent

Link:

https://www.hybrid-analysis.com/sample/da0b78689b010486cfbc2ced5b764da72f2c7625516861be297a0c97094aeb63

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/9860a420-5a47-48f9-8735-596bd604d435

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/da0b78689b010486cfbc2ced5b764da72f2c7625516861be297a0c97094aeb63

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/da0b78689b010486cfbc2ced5b764da72f2c7625516861be297a0c97094aeb63/

Threat name:

Linux.Worm.Mirai

Status:

Malicious

First seen:

2025-11-26 18:10:27 UTC

File Type:

Text (Shell)

AV detection:

3 of 36 (8.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3ifxq2e3aecint54ftwvw5snu4xsy5rfkfugdprjpigjockk5nrq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/da0b78689b010486cfbc2ced5b764da72f2c7625516861be297a0c97094aeb63

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh da0b78689b010486cfbc2ced5b764da72f2c7625516861be297a0c97094aeb63

(this sample)

elf 3f474f5bfe5f214df47eb36d16773367f103f88bbbb2010ec19a03e7ba51dcb2

URLhaus

https://urlhaus.abuse.ch/url/3717336/

Delivery method

Distributed via web download

Dropping

MD5 b14b0aa510b55240071f9df3f0095682

Dropping

SHA256 3f474f5bfe5f214df47eb36d16773367f103f88bbbb2010ec19a03e7ba51dcb2

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample