MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff
SHA3-384 hash:	e688ef813da4ce0297fbc1485e013f3adbf76201d895ee9e1469150d99ff4ce2dc8a75f0daf22c64aeacf92c1eb592fd
SHA1 hash:	1559bd551946945a3cafcdb5f3761edef8b194d2
MD5 hash:	70301f60cfa959142e2d21c4538330cd
humanhash:	twenty-magnesium-sad-coffee
File name:	bins.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	910 bytes
First seen:	2025-11-05 04:28:52 UTC
Last seen:	2025-11-05 16:03:32 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:XtA/syYzZ3OhXvuS9dLa+Jdz7+y5yswTm6:XtA/J430vu4usdzzoJB
TLSH	T146117C906C851587A8DBFE1C712A93F231412C74E5A0123DD2A7EE16C87EE32B90E631
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Mirai-82.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-2.UNOFFICIAL

Gathering data

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-03T10:14:00Z UTC

Last seen:

2025-11-07T00:44:00Z UTC

Hits:

~10

Detections:

Trojan-Downloader.Shell.Agent.bi HEUR:Trojan-Downloader.Shell.Mirai.a

Link:

https://opentip.kaspersky.com/dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/c226e3df-265f-4096-b322-b9ac78fd153c

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff

Threat name:

Linux.Browser.Downlaoder

Status:

Malicious

First seen:

2025-11-05 04:12:01 UTC

File Type:

Text (Shell)

AV detection:

11 of 24 (45.83%)

Threat level:

4/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3vd3l565ukw6tqi66bivrvrnlvpwhpeqtt6oikqdachx4gyzfd7q._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:mirai botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/251105-e7wxrsslhk/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Reads system network configuration

Creates a large amount of network flows

Enumerates active TCP sockets

Enumerates running processes

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (4008) amount of remote hosts

Mirai

Mirai family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.54

Link:

https://yomi.yoroi.company/submissions/dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh dd47b5f7dda2ade9c11ef05158d62d5d5f63bc909cfce42a03008f7e1b1928ff

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3696719/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3696720/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample