MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04cd39a2f6f2fa8aa943d660de19b7b93da23bba13aeb393b8cc48733ebab4a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 04cd39a2f6f2fa8aa943d660de19b7b93da23bba13aeb393b8cc48733ebab4a6
SHA3-384 hash: 1b60b8cee359276d9ab6f8be15ffab6a69d3ab01a703c3201303741c65784db0b7df034e1291308908bb81ebef16c1c7
SHA1 hash: f99f1bd298c8bf41a36f6951def5f9e418999b17
MD5 hash: 4a921eb4873595c4393b70a6ad9440b3
humanhash: chicken-muppet-march-tango
File name: w.sh
Signature: Mirai
File size: 919 bytes
First seen: 2025-10-16 05:40:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:B0O0XYEc0cNI7e0kKu0d+R0Wj70uTj0nla06t30La0A908R:BlkY94eVflR9XLjPnGaxH
TLSH: T1F111AFCF66B121B224C0CDA4A465CA68982EDBC031418F5FDCCD0CF6D5D5D657726E6C
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated

Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-10-15 21:51:17 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download
