MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04536a23b54005b43ecbb7188c39ce992a852e824c608a26a7837b60280ad76c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	04536a23b54005b43ecbb7188c39ce992a852e824c608a26a7837b60280ad76c
SHA3-384 hash:	79cf02402702eb1ebef8eea7cc75a57ea85d1b1a8aeea9083b67cb1b3faaeab5dabd5f070a87c1cf8298edc3c74c0948
SHA1 hash:	ae73eeabc05aedee0a377f7fd37065949a1caad7
MD5 hash:	a1c0b619c4b6eeb9e3afeb5f1bd5d249
humanhash:	harry-red-march-oranges
File name:	res
Download:	download sample
Signature	Mirai Create hunting rule
File size:	290 bytes
First seen:	2025-11-07 23:42:29 UTC
Last seen:	2025-11-08 06:12:19 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	6:hftJ+pUKUF2RVYrV/jkOYf53I4Y3FoF/fkVKhOXqIKXD73IKX+N1IEWYq1IKBKW:ZtJ+jRaV7YJF0ghsOTh4WYO8W
TLSH	T1B2D0C259FC420836B8758CBA77DB3451910B920B6A06958A31CB520AAAE4960A060453
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

File Origin

# of uploads :

2

# of downloads :

29

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-23.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/690e841245d0218fdf1e0254/reports/ac63d8b1-1141-422d-9041-433fe4c228a1/overview

Verdict:

Malicious

Labled as:

Bash.MiraiB.Generic

Link:

https://www.hybrid-analysis.com/sample/04536a23b54005b43ecbb7188c39ce992a852e824c608a26a7837b60280ad76c

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-07T21:04:00Z UTC

Last seen:

2025-11-07T22:28:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/04536a23b54005b43ecbb7188c39ce992a852e824c608a26a7837b60280ad76c/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/c4e501c5-d345-434f-8126-d45c44bc73aa

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/04536a23b54005b43ecbb7188c39ce992a852e824c608a26a7837b60280ad76c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/04536a23b54005b43ecbb7188c39ce992a852e824c608a26a7837b60280ad76c/

Threat name:

Linux.Downloader.MiraiB

Status:

Malicious

First seen:

2025-11-08 00:19:00 UTC

File Type:

Text (Shell)

AV detection:

14 of 24 (58.33%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=arjwui5viac3ipwlw4miyoooteviklucjrqiujvhqn5wakak25wa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 04536a23b54005b43ecbb7188c39ce992a852e824c608a26a7837b60280ad76c

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3687015/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3686872/

URLhaus

https://urlhaus.abuse.ch/url/3686867/

URLhaus

https://urlhaus.abuse.ch/url/3686941/

URLhaus

https://urlhaus.abuse.ch/url/3686889/

URLhaus

https://urlhaus.abuse.ch/url/3686792/

URLhaus

https://urlhaus.abuse.ch/url/3687011/

URLhaus

https://urlhaus.abuse.ch/url/3687012/

URLhaus

https://urlhaus.abuse.ch/url/3686874/

URLhaus

https://urlhaus.abuse.ch/url/3687010/

URLhaus

https://urlhaus.abuse.ch/url/3687018/

URLhaus

https://urlhaus.abuse.ch/url/3686915/

URLhaus

https://urlhaus.abuse.ch/url/3687060/

URLhaus

https://urlhaus.abuse.ch/url/3687030/

URLhaus

https://urlhaus.abuse.ch/url/3686895/

URLhaus

https://urlhaus.abuse.ch/url/3686875/

URLhaus

https://urlhaus.abuse.ch/url/3686861/

URLhaus

https://urlhaus.abuse.ch/url/3687016/

URLhaus

https://urlhaus.abuse.ch/url/3686892/

URLhaus

https://urlhaus.abuse.ch/url/3686791/

URLhaus

https://urlhaus.abuse.ch/url/3686945/

URLhaus

https://urlhaus.abuse.ch/url/3686794/

URLhaus

https://urlhaus.abuse.ch/url/3686727/

URLhaus

https://urlhaus.abuse.ch/url/3686868/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample