MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 febb8f2ac283fad5156f02bcd457445daf04bb53e24e37a1f1c2dc4114719b7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: febb8f2ac283fad5156f02bcd457445daf04bb53e24e37a1f1c2dc4114719b7f
SHA3-384 hash: 5e701167227f7461d7dff9393b1b2de63d9a25a9cd6461039c9be7e0b66fe5b2d679007aa2bf16a8e75b9150ac500664
SHA1 hash: 600c9fcc5b4224f9f38fe36fa13a60f8cba6a30f
MD5 hash: 2e1c8123aebb3da062626ee2d62fb323
humanhash: missouri-hot-lima-dakota
File name: download.sh
Signature: Mirai
File size: 2'990 bytes
First seen: 2026-06-08 10:55:20 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:aYS2w/3HMkmyLI9yYI9yvZnROysQZnROyPfWj/p+WXBWkfyqNgy11PGUOhxTiLd:62w/3HMHeI93I9yZnRODQZnROofIUEBV
TLSH: T1525127CF0156706253776B2B3BBAA2ADC04031C318BA5964F91CEF1B4FBD790E4616A3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: BlinkzSec
Tags: mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 50
Origin country: SE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 1593)
  execve -> /tmp/sample.bin (pid 1599)
    execve -> /usr/bin/uname (pid 1601)
    execve -> /usr/bin/uname (pid 1602)
    execve -> /usr/bin/wget (pid 1604) [net, send-data, write-file]
      send: 134B -> 38.76.198.108:80
    execve -> /usr/bin/chmod (pid 1737)
    execve -> /home/sandbox/x86_64 (pid 1739) [delete-file, net]
      con -> 8.8.8.8:53
      clone -> /home/sandbox/x86_64 (pid 1740) [zombie]
        clone -> /home/sandbox/x86_64 (pid 1743)
        clone -> /home/sandbox/x86_64 (pid 1744)
          clone -> /home/sandbox/x86_64 (pid 1745) [dns, net, send-data]
            send: 476B -> 8.8.8.8:53
            con -> js.xiaolin.eu.cc:55650
    execve -> /usr/bin/rm (pid 1742)
    execve -> /usr/bin/rm (pid 1746) [delete-file]
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2026-06-08 10:52:47 UTC
File Type: Text (Shell)
AV detection: 8 of 36 (22.22%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai, botnet, defense_evasion, discovery, linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Enumerates running processes
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Family: Mirai
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
