MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e37ea155cad7c8b1996fdf0e26b681cf11a732a31ed4b2f5a3c3d6b9ef974914. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e37ea155cad7c8b1996fdf0e26b681cf11a732a31ed4b2f5a3c3d6b9ef974914
SHA3-384 hash: 71286af5041677b023aa0cb10e86c76d2218cd5416c826d37c54bb11c23f558b74515aec7cafb3750aaea185070fb358
SHA1 hash: a75a4aa7ee8dac2d17c852d80bcb5d50ea2a80a7
MD5 hash: 8d514fd49ce44d1c4f0c406d6dd2f1b7
humanhash: august-wolfram-oxygen-colorado
File name:busybox.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'512 bytes
First seen:2025-08-06 07:59:23 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:mNJuhzJuMEjNNIZ+uj/RKWu3LEad+ua9pK9NU+u9YruVJuczBurzXuczxuxZu8:mNkhzkMEjcDj/Rm3LEadDa9E9NUD9YSx
TLSH T11E3186CF02708B6541A9FF47FD76DFDD200284D42617AF859B9C543EB188D297C99B44
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://176.123.2.48/hiddenbin/Space.arm3d89ce5420e77831a93a6554ff94397cca4407e781bb19c01c81cad44ec1e8be Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.arm5513bf635c83cd4778d0e20c0e63e0aa2c8f364e1686e56411e940b69aa27922e Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.arm6bc9a70508a1cd983cf33efdb55ecb6671eaef8220f12102c06ed1e9dc0d3b235 Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.arm7df18cc811c9f8947ad7490437c1c0396ae70b80800ab98c21a78e6525209ea83 Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.mips443aa06a159681b8cfdd7a528a651c7ae7dd08ee3720c746ea7c12951913b1b7 Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.mpsl644edc0460ebce6b49ab15a6a95acfbc4c5009a5dd1dabb12b5607ef876b1e61 Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.x86904f12cdd935eb1771689401497c567832b44fe5f732691d1737dabd1ea3a47e Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.x86_647a09db51fd42ae8da18a1806f7ed9d3bf29054c3539113e4c52187757d0e81ff Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.ppc13e27d5be8832c2adb1cf8a01fc2ff4282314b46c7b9c2b90f11b71588af7823 Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.spccf17883fd6ccf25e8c554ba7cbda5dd868473dcb6285bfb457411770bc123ed9 Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.m68k5e24fb1c4fc458551502209b28278a8773a3aa3acb0266cf5b0e10b794b51931 Miraielf mirai ua-wget
http://176.123.2.48/hiddenbin/Space.sh45372416e32381c2274bef37d2794b1e6bc44a5bedb8d781410e37a4fcf49a3ca Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
37
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/68930b61397fd3ce6f9ed8cc/reports/beae5341-6d9f-4750-a68b-284324c8eb59/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/7f860876-9190-4267-9544-9d38275a739c
Behavior Graph:
Download SVG
%3 guuid=f03ff944-1e00-0000-9783-e210490b0000 pid=2889 /usr/bin/sudo guuid=97e56847-1e00-0000-9783-e210500b0000 pid=2896 /tmp/sample.bin guuid=f03ff944-1e00-0000-9783-e210490b0000 pid=2889->guuid=97e56847-1e00-0000-9783-e210500b0000 pid=2896 execve guuid=4034af47-1e00-0000-9783-e210510b0000 pid=2897 /usr/bin/rm guuid=97e56847-1e00-0000-9783-e210500b0000 pid=2896->guuid=4034af47-1e00-0000-9783-e210510b0000 pid=2897 execve guuid=94053d48-1e00-0000-9783-e210530b0000 pid=2899 /usr/bin/busybox guuid=97e56847-1e00-0000-9783-e210500b0000 pid=2896->guuid=94053d48-1e00-0000-9783-e210530b0000 pid=2899 execve
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/e37ea155cad7c8b1996fdf0e26b681cf11a732a31ed4b2f5a3c3d6b9ef974914
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e37ea155cad7c8b1996fdf0e26b681cf11a732a31ed4b2f5a3c3d6b9ef974914/
Verdict:
Malicious
Threat:
HEUR:Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/e37ea155cad7c8b1996fdf0e26b681cf11a732a31ed4b2f5a3c3d6b9ef974914
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-08-06 08:00:55 UTC
File Type:
Text (Shell)
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4n7kcvok27eldglp34hcnnubz4i2omvdd3klf5ndypllt34xjeka._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250806-jvnsvafk71/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e37ea155cad7c8b1996fdf0e26b681cf11a732a31ed4b2f5a3c3d6b9ef974914

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e37ea155cad7c8b1996fdf0e26b681cf11a732a31ed4b2f5a3c3d6b9ef974914

(this sample)

Mirai

elf 739ad74215cf6cda3c5fed298484ab958ebca6c86e4a5e65aac81b8906238d60

Mirai

elf 3d89ce5420e77831a93a6554ff94397cca4407e781bb19c01c81cad44ec1e8be

  
URLhaus
https://urlhaus.abuse.ch/url/3597449/
  
Delivery method
Distributed via web download
  
Dropping
MD5 6b7f9fb1463442845b707e9f752651be
  
Dropping
SHA256 3d89ce5420e77831a93a6554ff94397cca4407e781bb19c01c81cad44ec1e8be

Comments