MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04e224dab61a68ec35b1f43888d2a9ff8ddfb211915fdc94f5bc5f50799e4954. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	04e224dab61a68ec35b1f43888d2a9ff8ddfb211915fdc94f5bc5f50799e4954
SHA3-384 hash:	e90fab32fe77f257980acb1cb7d8f9d2e807638b38711657ded868f4deadd48cfc6209cd6ea3ae9766fcf8d3aafb7d84
SHA1 hash:	0aba57ca52f2f63fae06e5dff23f27ae97bb931b
MD5 hash:	44ffbacb7329a86b06739bf1ea370520
humanhash:	december-fillet-lemon-romeo
File name:	kitty.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	851 bytes
First seen:	2025-03-20 11:18:07 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:pNUdkQiou9ggBCQ5H2aj2LdnRmKV7zHTo5UdvpztfWv1ZdO2Z79XQRbqkvb:wGhBX5HXvitHzMtZl7JQRJ
TLSH	T1110182B6794160B2742D8D3A53EA4085B14165571D0D4A18320F65791F3F551B8E8D4D
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://213.209.150.48/kitty.sh	04e224dab61a68ec35b1f43888d2a9ff8ddfb211915fdc94f5bc5f50799e4954	Mirai	censys mirai sh

Intelligence

File Origin

# of uploads :

# of downloads :

109

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67dbf9be115e7b48b48f148flinux22vpnfull_triage

Tags:

trojan agent hype

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67dbf9ab1dd35ee4a0e955c6/reports/05420ecf-eb3f-41ce-abb8-d29334b3ee82/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/04e224dab61a68ec35b1f43888d2a9ff8ddfb211915fdc94f5bc5f50799e4954

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/04e224dab61a68ec35b1f43888d2a9ff8ddfb211915fdc94f5bc5f50799e4954/

Threat name:

Win32.Trojan.Mirai

Status:

Malicious

First seen:

2025-03-20 11:18:43 UTC

File Type:

Text (Shell)

AV detection:

4 of 24 (16.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=atrcjwvwdjuoynnr6q4iruvj76g57mqrsfp5zfhvxrpva6m6jfka._file

Result

Malware family:

n/a

Score:

9/10

Tags:

credential_access defense_evasion discovery execution linux persistence privilege_escalation

Link:

https://tria.ge/reports/250320-nekhpsvn15/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Changes its process name

Reads process memory

Creates/modifies Cron job

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Renames itself

Unexpected DNS network traffic destination

Contacts a large (31779) amount of remote hosts

Creates a large amount of network flows

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.37

Link:

https://yomi.yoroi.company/submissions/04e224dab61a68ec35b1f43888d2a9ff8ddfb211915fdc94f5bc5f50799e4954

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 04e224dab61a68ec35b1f43888d2a9ff8ddfb211915fdc94f5bc5f50799e4954

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3483670/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample