MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbfdf1a42137345fef628f8d1a44e4d7429d8f77d0e78ab38f51a391311cd606. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	dbfdf1a42137345fef628f8d1a44e4d7429d8f77d0e78ab38f51a391311cd606
SHA3-384 hash:	9573bfa9986ee9eda2bf6e9f326ff095dd929834abe0fef177600e6b30d7586c2cee191a5556deabdd53b42214b87bc7
SHA1 hash:	a598692993194ea4a83dc008167ee24fa0c95e1c
MD5 hash:	79ba20c5f661838fd6e4c607b453f2b3
humanhash:	autumn-twelve-cold-bakerloo
File name:	get.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'610 bytes
First seen:	2025-05-16 16:29:19 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:vf//nfQ/ikfzxayfsnfabfXSXWc7fsKXFfHTfqrfyK9fcDfSeEfdrfDC0f8RI:vPngLNs+j+kYrKvEedW01
TLSH	T1ED5152C6635395343CB29A37B6BA1A193280E09D9EC67B58BDFC3CB9528CE1C3454B47
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.135.194.43/bins/get.x86	6a889a1fc6489ff0adb0fa87cc61ae0a42b569e8cf89b469e725bdad760ca785	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.mips	13cab87cd2580d34f0c60b31897281fc5870f1a979b8ee71683374dfe0c250e1	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.arc	40f802238cd04544e52554910d665c34b0c79ecc889aa399d494812ada813580	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.i468	n/a	n/a	elf ua-wget
http://45.135.194.43/bins/get.i686	n/a	n/a	elf ua-wget
http://45.135.194.43/bins/get.x86_64	n/a	n/a	elf ua-wget
http://45.135.194.43/bins/get.mpsl	3f6efeb115b2c69c73c25799395824bd428024cdcc708036eeafe23cc08096ee	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.arm	4cd5a0b8f450bb4b1eaeabe20ed1d9ff59aae87e272998d56e73d813da5040c1	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.arm5	99bebadd78994cbddd0102281a400751050338ee7c6f1926f29093c966b6a0e5	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.arm6	7505011063ab00bcd3113fe2d7c3855d50af49a753015cd9018cbbfe65bd84db	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.arm7	fe9a5117526681f8c5c0b73d9ebca60f64b3c534c000374b1fe3f70dbc462a27	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.ppc	1225c2ed8afdb69733b59a23f77b6aa6ccd62c5f817c9da8a9c169c3aa157322	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.spc	bdd6d6b9b6a5c36ed92b6781ae0132cf361eeb27d32e9539581564663dccc29c	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.m68k	d980ea20258d480e3f0de0ec4db24a65ee3b90ee277df2098ddc201b674cf7c2	Mirai	elf mirai ua-wget
http://45.135.194.43/bins/get.sh4	1a212f5d854cd5a21239232901ff2f5783ebabc73906304644b486474de6a1b3	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=682768a1e16384d6a705076blinux22vpnfull_triage

Tags:

downloader agent overt

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6827685a1de1514c6873ba21/reports/91f4cfa4-635e-496c-9655-38cebad6519a/overview

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/dbfdf1a42137345fef628f8d1a44e4d7429d8f77d0e78ab38f51a391311cd606

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dbfdf1a42137345fef628f8d1a44e4d7429d8f77d0e78ab38f51a391311cd606/

Threat name:

Linux.Downloader.Morila

Status:

Malicious

First seen:

2025-05-16 16:31:56 UTC

File Type:

Text (Shell)

AV detection:

17 of 24 (70.83%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3p67djbbg42f733cr6grurhe25bj3d3x2dtyvm4pkgrzcmi42yda._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250516-t1lwjscn5s/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

Modifies Watchdog functionality

File and Directory Permissions Modification

Executes dropped EXE

Contacts a large (657210) amount of remote hosts

Creates a large amount of network flows

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/dbfdf1a42137/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/dbfdf1a42137345fef628f8d1a44e4d7429d8f77d0e78ab38f51a391311cd606

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.