MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a3cb19457bef557ede860ec1b92aad9e82b48764e783bfbc5fc88a2918b36dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	4a3cb19457bef557ede860ec1b92aad9e82b48764e783bfbc5fc88a2918b36dd
SHA3-384 hash:	e2940d87bf12d713ca390c21b1ec9d7b980483a11fa56ba9800dc4c8d5d467f08b62b66f2463983748457302bc5a58b0
SHA1 hash:	eadaf6b5ebd9f1688b17e90c94bff18059f2eec8
MD5 hash:	e3f441ef9e56b4d368b6c2301ce31bda
humanhash:	blue-kitten-asparagus-twelve
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'940 bytes
First seen:	2025-11-23 15:52:25 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vl7k7N7hlv6GlgXzPlfKWlhoUl7h7o7Ulfq3bl09RlNcgl4pVlXSOl7+Cl6fTlCW:vl7k7N7hlv6GlgXzPlfKWlhoUl7h7o7O
TLSH	T1755184CD71440C3459B3EA13FAB7F12C32C9919219ED7B9699E4BAF4839ED143A40B63
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://87.121.84.111/hiddenbin/boatnet.x86	4ecaa18a5b022c8a5117c58255403f0895c4dc50420fad611813b42e089349f8	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.mips	c1d2c0bd3e06459f996a3ff76393d713e6b247b8abc6faae99cef0d5f6d53f3a	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.arc	85498378057cb52b5ace62d7002de39fe4dc1cb85f87d4431ad016933cadb889	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.i468	n/a	n/a	elf ua-wget
http://87.121.84.111/hiddenbin/boatnet.i686	n/a	n/a	elf ua-wget
http://87.121.84.111/hiddenbin/boatnet.x86_64	n/a	n/a	elf ua-wget
http://87.121.84.111/hiddenbin/boatnet.mpsl	0bf8d4c96479982a4659168b3d6af9e32735bf6d7543051483b9b3605b6c6f84	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.arm	fee40bafac78ddf07a4ab46a06d65a5f883248e5eaec69a75f737fc58910af41	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.arm5	4159d8e199ee13ea7ec2355317cae2fca4cd49a27c44adea6dc9c0b7a6b52732	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.arm6	cfb9703c836214ea39423eccb616af841f5f484a6e989b7cd3796113e70aaec4	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.arm7	a209de0c1e19da5680dbaf81ac8bf49bfd772f574aa6906ba7b0b8e2de1cc374	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.ppc	8aee5d92f69ee92a841a5e6333839009a628559f28ccedf6ba652dabf7222dcf	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.spc	48e878a69ec02c9e6abe9766c12aa07f9872406c90b3152ead895d5c038afb52	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.m68k	4cced9b97754b924fe13183a07afb0fca7ba9ee3773ea1fccc6e00a29002e48f	Mirai	elf mirai ua-wget
http://87.121.84.111/hiddenbin/boatnet.sh4	061469b2aa9aa1528f939be37ac60a60fc7c3c3ef3290968ace82b8ad9bc751f	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69232ded6c89728b9825fd32/reports/9c43f7fc-69cd-4273-83b2-d3c5c2d41e6c/overview

Result

Gathering data

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/ea3cc7b5-5a8c-4bec-8c71-c6bf986efa9c

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/4a3cb19457bef557ede860ec1b92aad9e82b48764e783bfbc5fc88a2918b36dd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4a3cb19457bef557ede860ec1b92aad9e82b48764e783bfbc5fc88a2918b36dd/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-11-23 15:53:17 UTC

File Type:

Text (Shell)

AV detection:

23 of 36 (63.89%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ji6ldfcxx32vp3pimdwbxevk3hucwsdwjz4dx66f7sekfemlg3oq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/251123-tbp7nstkej/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/4a3cb19457be/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.