MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db32c415d5bb72cbafdf8f149d2c24565304a0e54221321266192ab94e47c55e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA 1 File information Comments

SHA256 hash:	db32c415d5bb72cbafdf8f149d2c24565304a0e54221321266192ab94e47c55e
SHA3-384 hash:	b33370277635567e995e7911c6129e5e623863662c40089cc2679977f0ae989c4eadfdf85d1e009aaace2d6162b99187
SHA1 hash:	c50afb2e71cd1cb6295f446f5918c3e8df58d0d1
MD5 hash:	8a161346f8d6dca60ed72d4025038f76
humanhash:	violet-cola-fruit-low
File name:	lol.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'776 bytes
First seen:	2025-08-01 22:03:30 UTC
Last seen:	2025-08-02 20:48:30 UTC
File type:	sh
MIME type:	text/plain
ssdeep	48:olqnzvahPpTipQoRS5fS/1B3evk+Ho9h3mLOg01OFJ+jSWd8gv:oSGD2WeXOK9BmeIGbv
TLSH	T1303193CE5941621299CACF15E3BAF989914D81D228C30E7ADD597C3E864FB5C705FF20
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://141.11.62.4/x86_64.nn	fbe1aaa1037ddceae279745c7ec4435ca2a343e78fa766113e40332b26f15625	Mirai	elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/x86_34.nn	n/a	n/a	elf geofenced ua-wget USA
http://141.11.62.4/powerpc.nn	e367518f1343b4196c8e32207ea7fee2ed374fc6cf556768e76365372b2f6af5	Mirai	elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/mips.nn	b2ad71184d7ccc265f7d4f9ba366a5c173eab687e6b52615d409a42dac540288	Mirai	elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/mipsel.nn	84e2dcd4f9377d758a3e0ad2f26aff33a990c9967de82beda592e44cca0183dd	Mirai	elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/arm.nn	86a77643ac33e490cf49512d223e3c9b167337875ea727751cb1560d1a1460e0	Mirai	arm elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/arm5.nn	68a2d3abee5f7b71c5428ec744712d36c9a24f3a323fad4c4bb3b8cea2993b5a	Mirai	arm elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/arm6.nn	f1590dbb7f242d7a8212a1108ced0b2feff991ba958b2109e826fa35b6f6fe70	Mirai	arm elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/arm7.nn	7fa61d96545d9723646d109fa0303ea8c97adb12f411f3b44f49e178b7922d74	Mirai	arm elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/sparc.nn	bcaf40809284280b10b48a7b78bb9fbb04f8a0f1341ecddaa18ed286def8f26e	Mirai	elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/m68k.nn	4316a20821a1eba161a7ab18b4a3efa763310cf5e91dff83fb61cbbfba7c5fa6	Mirai	elf geofenced GorillaBotnet mirai ua-wget USA
http://141.11.62.4/sh4.nn	1dbe006076a725cf351e32e38688e035b7c3b7f87a3e15937b0bda163b0812c9	Mirai	elf geofenced GorillaBotnet mirai ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/888edee8-8931-4553-a99f-398a2baaf6ce

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/db32c415d5bb72cbafdf8f149d2c24565304a0e54221321266192ab94e47c55e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/db32c415d5bb72cbafdf8f149d2c24565304a0e54221321266192ab94e47c55e/

Verdict:

Malicious

Threat:

HEUR:Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/db32c415d5bb72cbafdf8f149d2c24565304a0e54221321266192ab94e47c55e

Threat name:

Linux.Trojan.Geninst

Status:

Malicious

First seen:

2025-08-01 22:04:20 UTC

File Type:

Text (Shell)

AV detection:

13 of 23 (56.52%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3mzmifovxnzmxl67r4kj2lbekzjqjihfiiqteetgdevlstshyvpa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250801-1y1p9agm7w/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/db32c415d5bb72cbafdf8f149d2c24565304a0e54221321266192ab94e47c55e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.