MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219
SHA3-384 hash: b1024ff3c9bd48cfaf6d4d9fc408017c5b9f2a2af29d69a21002d1e66e60d5c06b1b4167b6516fbcd19f4637cda9a5a9
SHA1 hash: a1d2ab6bb2a942ea3a47c67e8ee14f57dc591622
MD5 hash: 393798b2e6e3d44611577778c4e38e0b
humanhash: double-yankee-fruit-charlie
File name:weball.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:2'492 bytes
First seen:2025-12-24 08:44:22 UTC
Last seen:2025-12-24 10:25:15 UTC
File type: sh
MIME type:text/plain
ssdeep 48:YXruqQqK0IadUsUaunh6apwMZBnZ+VkRS7AF3OHHZNc4:YbBVNhKT/4aGuBZ+KEzT
TLSH T16C5110ED03801B3A391A4A24A3E359AC89458FC4B25A576CD4C93C279C0F65CB7F9DD3
Magika batch
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.154.35.154/x86_64.uhavenobotsxdc2bde30bd9c006356ffe98004652b3646c5854790e9caa0dca64aecf04a3d040 Miraielf geofenced mirai ua-wget USA x86
http://94.154.35.154/x86_32.uhavenobotsxd414d350e3083740c9ae4fe6f8802a37b94e6ccaf3e1f7ad6538a42359b5488dc Miraielf geofenced mirai ua-wget USA x86
http://94.154.35.154/powerpc.uhavenobotsxd60234fca52e069a9dc260e80041cbf2916acd53d2083bba025535a2b785a16fd Miraielf geofenced mirai PowerPC ua-wget USA
http://94.154.35.154/mips.uhavenobotsxd8c87854bd0292cf2d99b994796343815e60c18b0bf9614279be5393c2e01d6e4 Miraielf geofenced mips mirai ua-wget USA
http://94.154.35.154/mipsel.uhavenobotsxd86d5abd5dde21acd62a1bab766359b07b8056ab5ff2fcf7fe7043500725064fd Miraielf geofenced mips mirai ua-wget USA
http://94.154.35.154/arm.uhavenobotsxdcc924e5fcd0d3b0a60dbd4dd7af49608a38700e018ac051cdf90819575f1ea58 Miraiarm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm5.uhavenobotsxd7d0f0c97386f2f5a62693ae808d386be72ff03e1f3918b8ef6110fe4d62460f8 Miraiarm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm6.uhavenobotsxd4ef8d3838f23d0147efbbfc2965b04bf7a42c9944601020735bd0c25a7a59c2c Miraiarm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm7.uhavenobotsxdfcff5a3aa406899ab947d468969e4c2485c8bdc8ef71f4eac15f3e85d54c79c8 Miraiarm elf geofenced mirai ua-wget USA
http://94.154.35.154/sparc.uhavenobotsxdn/an/aelf ua-wget
http://94.154.35.154/m68k.uhavenobotsxdn/an/aelf ua-wget
http://94.154.35.154/sh4.uhavenobotsxdn/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
53
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive medusa mirai
Link:
https://www.filescan.io/uploads/694ba8243f8fdbf8e950e40e/reports/587cd4ec-ec2e-4580-a9a4-ede480d050ab/overview
Verdict:
Malicious
File Type:
text
First seen:
2025-12-24T05:52:00Z UTC
Last seen:
2025-12-24T06:06:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-12-24 08:45:20 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=65vwjvblwyjjnvi7tqys7wuw7c777rk7t2hyuegty6p2u3rriimq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251224-kndvqstrhw/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f76b64d42bb61296d51f9c312fda96f8bfffc55f9e8f8a10d3c79faa6e314219

(this sample)

Mirai

elf ea95889e1be7ae3975562b861493eb7ee6d2ef2e01b5d2960b52cd53305db4a3

  
URLhaus
https://urlhaus.abuse.ch/url/3734248/
  
Delivery method
Distributed via web download
  
Dropping
MD5 65834d748a2da9ee4a625160c1b79ff7
  
Dropping
SHA256 ea95889e1be7ae3975562b861493eb7ee6d2ef2e01b5d2960b52cd53305db4a3

Comments