MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e26fd1fd84a093163f86c1372585637693037281ffe170730df125cd976b2a7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: e26fd1fd84a093163f86c1372585637693037281ffe170730df125cd976b2a7b
SHA3-384 hash: dd6cc39927f09bae6eed8b97cbd7a4194194ea0cb3dba0244733ee2a5889ecf945e300bbda168c26e613c694bdc4efcd
SHA1 hash: f8f09de8b3377b138dbb2623d53aee56c0677bf9
MD5 hash: 1f7a4e570626c7ca631bce05624fdfee
humanhash: ack-wyoming-low-river
File name: run.sh
Download: download sample
Signature: Mirai
File size: 2'881 bytes
First seen: 2026-02-06 13:59:18 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 48:q876O62JMIDyDbiB8fnfuZUWUWcvyy2DCnCbwLZbL7kzS3tOthM3IEy:qD2JMO0biBOfuZ+Cbw4
TLSH T1DB51FFDB0284DB32D65DC54EB7F4F174610AA1C3A7DF9A08EE84982D8EC9D4C7295F44
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm evasive mirai
Result
Gathering data
Threat name: Script.Downloader.Heuristic
Status: Malicious
First seen: 2026-02-06 14:00:36 UTC
File Type: Text (Shell)
AV detection: 5 of 24 (20.83%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e26fd1fd84a093163f86c1372585637693037281ffe170730df125cd976b2a7b

(this sample)

  
Delivery method
Distributed via web download
