MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb51cc30f5ac43a9cc4ee8e036da03135fdfdb5c285d651682e96d42541fd678. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: fb51cc30f5ac43a9cc4ee8e036da03135fdfdb5c285d651682e96d42541fd678
SHA3-384 hash: 0c5e588e7c87806a35e432f239509aaf0a97c4cac3b8e54df5f92a7371b696f114b5adb370d527e8c342eadd622c05d0
SHA1 hash: bb76f6a2404dcde94d803254a4cf322c1bee0a57
MD5 hash: de73fa06ff5f3d5d143a26ffd661a6e4
humanhash: uncle-lamp-alabama-october
File name: cat.sh
Signature: Mirai
File size: 1'845 bytes
First seen: 2026-02-18 07:40:11 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:HDdQC1WKrBM/hpi1bWK2wc6fko7egKPJd4vH9:iC1WJJo7eg
TLSH T17031AD9FA0F41A81C6CBCE0070E58DCAA39E999473F94732EC851EB69489D943C59B37
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2026-02-18 03:10:34 UTC
AV detection: 16 of 38 (42.11%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
UPX packed file
Enumerates running processes
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh fb51cc30f5ac43a9cc4ee8e036da03135fdfdb5c285d651682e96d42541fd678

(this sample)

  
Delivery method: Distributed via web download
