MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df709c844a5be6aeaeaa6a585e73e2706883e170ee3880e923d4147db2d5596a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA 1 File information Comments

SHA256 hash:	df709c844a5be6aeaeaa6a585e73e2706883e170ee3880e923d4147db2d5596a
SHA3-384 hash:	fbe308f618c76317d4950e4ac082d50feca4958fbd340ac5e1c0141d4f6479b557e1221df99cd090eead4e19ea761f6c
SHA1 hash:	8a9b6d390bcf3676ebbf5523ecb4ed94227fa3a7
MD5 hash:	d129ff831bb3a7ffed1efdc4ed87d154
humanhash:	video-michigan-sierra-skylark
File name:	p
Download:	download sample
Signature	Mirai Create hunting rule
File size:	830 bytes
First seen:	2026-06-23 04:24:40 UTC
Last seen:	2026-06-23 13:09:36 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:kXCKysE2hi0ziQvZohaLFOoDkbXEARF8X389Pf7:e9Qp+MsxtkbXE0FG381D
TLSH	T19801ABD68410A9204419DA1D22CB5150F440C3CF5A4B0F687F9C6E7EFBA8E14B026F85
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://129.121.114.124/9DB9	59160a685c30b77db8bbd554f2f1bc6e095944bf4bf3daab7c277bac7fca5fb5	Mirai	arm elf mirai ua-wget
http://129.121.114.124/OIx	2d8f91170a27ded0f31aa44ae7afa77c68fe2ca41b4d52750cb3d8cbaaefd2b5	Mirai	arm elf mirai ua-wget
http://129.121.114.124/QIC	b67f4541aa89e84cd5df5c7d4b3dbaaf86808bfabc3047488abf91c15e7a62a2	Mirai	arm elf mirai ua-wget
http://129.121.114.124/3kjE	e3e19b2eafce2b14f27b9a9891496baab47ed18a3b4c1b8634af97581347c36a	Mirai	elf mips mirai ua-wget
http://129.121.114.124/Nwk	989b055516ad13b8f28ce06db256e45db0135e19b91980fae419514ea4abf8b8	Mirai	elf mips mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

File Type:

Script

Detections:

HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/df709c844a5be6aeaeaa6a585e73e2706883e170ee3880e923d4147db2d5596a/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/01292fd4-d595-43d4-80fd-b3b0f3c457ff

Behavior Graph:

Download SVG

Score:

94%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/df709c844a5be6aeaeaa6a585e73e2706883e170ee3880e923d4147db2d5596a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/df709c844a5be6aeaeaa6a585e73e2706883e170ee3880e923d4147db2d5596a/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/df709c844a5be6aeaeaa6a585e73e2706883e170ee3880e923d4147db2d5596a

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=35yjzbcklptk5lvknjmf447cobuihylq5y4ib2jd2qkh3mwvlfva._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery linux

Link:

https://tria.ge/reports/260623-e2dh8saw5s/

Behaviour

Reads runtime system information

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.26

Link:

https://yomi.yoroi.company/submissions/df709c844a5be6aeaeaa6a585e73e2706883e170ee3880e923d4147db2d5596a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.