MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcb2749ad962638f3056cb1a8faf69435bdd0d0f1271f70abe4779e5f934fb8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: fcb2749ad962638f3056cb1a8faf69435bdd0d0f1271f70abe4779e5f934fb8b
SHA3-384 hash: 0a202f17d55b578dbeb70817fef08efcf58f7a0b70cb710a74d87e13da11661bee4541ae2d171e066da24528cebb71f8
SHA1 hash: a0177be6c0f7b9b3a4d5871894755e1ea31867e7
MD5 hash: 43d9eb9c1e56456242f8c4054fa6fa80
humanhash: winter-rugby-bravo-table
File name: i.sh
Signature: Mirai
File size: 1'553 bytes
First seen: 2026-03-14 08:35:31 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:I9nXgocRygO1E65VpLpQEEocVGLEXHVKOKNIlEdkgVU0KHErSq7F/opUV/rEvY:SwocR3O11fFQ+cvHq5H517JoOd
TLSH: T1EF3164FB204003B78429FB1C6779858F93BA9BBB95B1A7D09C9C3524E4499B5FC07918
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive medusa mirai
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph: (process and network graph from the sandbox run; not reproduced in text)
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2026-03-14 06:09:35 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
