MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76
SHA3-384 hash:	bb1240dcff8bfad954e35a57d73a35f8db434b026ae779e1b50ac05b419f5642e0e84943d0ceb796d1dc68735e1b092c
SHA1 hash:	2f559a4a699efd61d610838ba3e254e80dc3a6c3
MD5 hash:	bb476c3e22738011c377454b83f3fd19
humanhash:	red-steak-michigan-alanine
File name:	k
Download:	download sample
Signature	Mirai Create hunting rule
File size:	548 bytes
First seen:	2026-02-01 07:32:43 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:zmKdge3s3AzdgL3s3A8dgyZ3s3ApHdgyoH3s3AMW5dgy+3s3/:zmKd1csdccxdRZcCdRoHci5dR+c/
TLSH	T19FF054D9601734E1315D5D442273FC14BB91E15C97B12F911DCC18EB8A8CA04B70CE64
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://130.12.180.20:36695/mpsl	fcc742b8f1948c436d4c9037b8cc2aae0200714fd8d4bad28f87a6b45f718603	Mirai	elf geofenced mips mirai ua-wget USA
http://130.12.180.20:36695/mips	115ba7461c23928d82557c16bf70b0b1b06d0dcec8a28622463d349ee696d4b0	Mirai	elf gafgyt geofenced mips mirai ua-wget USA
http://130.12.180.20:36695/arm	1ac2472a7266925354978d482153be974077046d46a8126b9fbd19bd4646eab2	Mirai	elf mirai ua-wget
http://130.12.180.20:36695/arm5	645e42550a44d8d0e0a2abe2b214eed4a608425b4107b9eac8d13a3121f1971a	Mirai	arm elf geofenced mirai ua-wget USA
http://130.12.180.20:36695/arm7	5f522e269bf35cf78d80e6341ec953775adbffaf35871f710255f81d5ca0723c	Mirai	arm elf geofenced mirai ua-wget USA

Intelligence

File Origin

# of uploads :

1

# of downloads :

93

Origin country :

DE

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive mirai

Link:

https://www.filescan.io/uploads/697f02ac981ff1d38a4367f0/reports/9870476c-7b30-4537-af60-4a4be8891d82/overview

Verdict:

Malicious

File Type:

text

First seen:

2026-02-01T04:49:00Z UTC

Last seen:

2026-02-01T04:56:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/f595bdfd-3ee9-4a73-93de-75411828b68b

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2026-02-01 07:16:58 UTC

File Type:

Text (Shell)

AV detection:

10 of 36 (27.78%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cwg2m45cl5du6brcwvgs5pkyymns23lj4jp5bvsluuelvomndr3a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260201-jfw6nsdx8a/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 158da673a25f474f0622b54d2ebd58c31b2d6d69e25fd0d64ba508bab98d1c76

(this sample)

elf fcc742b8f1948c436d4c9037b8cc2aae0200714fd8d4bad28f87a6b45f718603

URLhaus

https://urlhaus.abuse.ch/url/3767080/

Delivery method

Distributed via web download

Dropping

MD5 8cf35e8a597f814508927e1382a8d503

Dropping

SHA256 fcc742b8f1948c436d4c9037b8cc2aae0200714fd8d4bad28f87a6b45f718603

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample