MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5
SHA3-384 hash:	53c39a9344179ac50744364eb601806fb93abd274678cec5ada498985664e290121105fe57c80d3869e4593adf5b5a85
SHA1 hash:	8610b8206b0144a70d68e76d02fdf9bb89f6518f
MD5 hash:	5e7fc5def8429c9f1e8192065be2c29f
humanhash:	ink-washington-utah-leopard
File name:	jaws
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'825 bytes
First seen:	2025-08-23 06:27:51 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	48:cUltoc7tAPvWe+CIpc2odkUuuuaiGk/h8O3:cULdCIpc+aiG4p3
TLSH	T1F851C5EF712716A6499CAE0BF1B6846C7062C3C520968B8DF99C3CBD62DDA04B014B66
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.125.66.56/arm	1c6ad7da3701f41af453d1701d5656e256a6dcf08023270b2926685b82a19d07	Mirai	ddos DEU elf geofenced mirai
http://45.125.66.56/arm5	ff2d4387cb624cfb0eb01dfe59d09c8acc09eec41873016cc1590b6cffdd10c7	Mirai	ddos DEU elf geofenced mirai
http://45.125.66.56/arm6	5e29e6ac19c524f249a4e5800d6458735f5d131a6d9d59ea37dc716f7215dc31	Mirai	ddos DEU elf geofenced mirai
http://45.125.66.56/arm7	b772d55640399dee9b277a0ffd7ef8f65bb87363dbfdd0634cb88328528f369d	Mirai	404 censys DEU elf geofenced mirai ua-wget
http://45.125.66.56/mips	6d8b92be20e13565fd61d105c44acadca0a7dac38eca5bc5693c5867b84fe62f	Mirai	ddos DEU elf geofenced mirai
http://45.125.66.56/mpsl	3c2e72b972e03e620def95ca99d0af072db842dd0d016891fc30527770190a92	Mirai	ddos DEU elf geofenced mirai
http://45.125.66.56/spc	39fae3e0e9e2ba27ffa0eb62a244b16552abc21083dfceeb66dfc080c316696c	Mirai	DEU elf geofenced mirai ua-wget
http://45.125.66.56/sh4	ac4a61edcb0c971f8f6b4b13f51e4105b4c838a344022091f1dcf351240a80b5	Mirai	DEU elf geofenced mirai ua-wget
http://45.125.66.56/ppc	fd07238570884beaa7f26c644408b18524fd2cc7c3b765ec24a0e9a36069d45a	Mirai	DEU elf geofenced mirai ua-wget
http://45.125.66.56/x86_64	c39196e5ab865850c997492cc40ea9e9533ce1bcf915b255647f4ad82418be25	Mirai	DEU elf geofenced mirai ua-wget
http://45.125.66.56/x86	b137e7049facd81bf0e15a0bb6b0135732a43e126b799e903798f05ef87ca98e	Mirai	ddos DEU elf gafgyt geofenced mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox evasive mirai

Link:

https://www.filescan.io/uploads/6919a09ba130a437f88eb0d4/reports/a231c060-f47d-464d-8236-99938136faf4/overview

Verdict:

Malicious

Labled as:

Bash.MiraiA.Generic

Link:

https://www.hybrid-analysis.com/sample/025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5

Verdict:

Malicious

File Type:

text

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/216583c6-df8c-4859-9c97-e979675e9dd7

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5

Threat name:

Script-Shell.Worm.Mirai

Status:

Malicious

First seen:

2025-08-23 07:10:21 UTC

File Type:

Text (Shell)

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ajpevcucl345zql5xhclch4icyvlveyjjagvh5mznpcawxotn2sq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250823-hzs3paam7y/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 025e4a8a825ef9dcc17db9c4b11f88162aba9309480d53f5996bc40b5dd36ea5

(this sample)

Mirai

elf c21d7c148613fb4ab451aac48986372ff50b566dfff298f6acb585633c8788ad

URLhaus

https://urlhaus.abuse.ch/url/3464239/

Delivery method

Distributed via web download

Dropping

MD5 3725ca06329a35c602f5640d4fbf58dd

Dropping

SHA256 c21d7c148613fb4ab451aac48986372ff50b566dfff298f6acb585633c8788ad

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample