MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcbe16957595ccd61ed97cf44f07a5967788bd48bd903fc688ef3995b0132f91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: dcbe16957595ccd61ed97cf44f07a5967788bd48bd903fc688ef3995b0132f91
SHA3-384 hash: 84405952a4e5171b651639e99011a908d35e4c47af5f9d412ac8b246b7faa8b69d4dd743772b7f619b499bf0fbdd6925
SHA1 hash: 1dc6b1bd7ada0a6053aa036da29d1784f3b4db4c
MD5 hash: 9bacb0a86f375029e9e48cfa952f6d89
humanhash: bulldog-don-thirteen-summer
File name: goth.sh
Signature: Mirai
File size: 3'558 bytes
First seen: 2025-12-10 07:59:25 UTC
Last seen: 2025-12-11 00:44:02 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 24:wyFTZ7v7bJ7T2syIfwZ7ue7uO7msyqmIqxZ7Ku70oia7ysyH1Z7KE7toY7asyhYA:wOXNCAqi1ctyFpWhmWgWyCpI79
TLSH T1617198CE30602A346E1FC976337498D176D649A42987DECCBCD4BCE25C9AD80B4C6BB5
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-10T00:28:00Z UTC
Last seen: 2025-12-10T07:17:00Z UTC
Hits: ~10
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-12-10 07:30:04 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh dcbe16957595ccd61ed97cf44f07a5967788bd48bd903fc688ef3995b0132f91

(this sample)

Comments