MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2422d1cefd84f93d49e1f2285358f5779519d8e6e795f9b760a1bf8b7de2493c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2422d1cefd84f93d49e1f2285358f5779519d8e6e795f9b760a1bf8b7de2493c
SHA3-384 hash: 5f044da6d4f0a0c123099d1de5ca6b19ba1c1ee804f642145fcc086ca8a59d8412dc3cb7d4263ba3121751328e3dcd6c
SHA1 hash: 33455a028054689ace62639e16a4b86d16df977c
MD5 hash: 6208475dd21568c8d6e98a26730208d7
humanhash: one-xray-missouri-carbon
File name:abc2.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:696 bytes
First seen:2026-02-25 19:21:52 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:GLqvjjNIl5zAQ0LKjnOsLCl/2SEPtaKApiAzfAn:GLqPNI7yKjpG+/tBSdA
TLSH T1C601E1CF2BA1F1458A2CAE14F26B0A547949D7C830700F59AB5A787678ED6107CF4F86
Magika batch
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.116.52.44/arm57cdf9b7eb8e2e7d3348c078254983128382e292b94fc93ddc34ec57ff171b506 Miraielf ua-wget
http://103.116.52.44/arm4004df497ed5b01618e4cc6ae8004532f25418b116837f6df31cb73d4cd173b4 Miraielf ua-wget
http://103.116.52.44/arm660e246f7766e7a1cd0d9dd64af84c5510fdbd978377bb860909ee272f5a904cd Miraielf ua-wget
http://103.116.52.44/arm730c0498fd35cef1aff07d42d50219be22124dcf39eee05fa603f8cd1cdf6ed0f Miraielf ua-wget
http://103.116.52.44/m68k176038a6d13f6de54a869aae84110b837d50f10439bbb4cd4041c4ef7e1a1797 Miraielf ua-wget
http://103.116.52.44/mipsb3a24cb6355026c0a5c8d0516bc9bfb0ece76a4870958277df2fd6aebcf97476 Miraielf ua-wget
http://103.116.52.44/mpsl035d44ff97ce79ee9847878983532ff0343188ab6c48e16b21a69ed154984f52 Miraielf ua-wget
http://103.116.52.44/ppc93d61719977e8fa9079eb13a5e3d6d15c0cce2a5209fbbb40c07433d5c9665f9 Miraielf ua-wget
http://103.116.52.44/sh4284beacfb87f61dc15d3558bab24ffc9a07181d7345295f58e79080610452605 Miraielf ua-wget
http://103.116.52.44/x86c3ef7574153f0c3bf9dd4d75f4526b2f1600e7163c312eebc31090b2546dafcb Miraielf ua-wget
http://103.116.52.44/x86_6461a093eba0b6f69662b6c385ebbb3566f483d90a1000f27cc62674fa1cb67bc4 Miraielf ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
mirai
Link:
https://www.filescan.io/uploads/699f4be810e80629d4f28e2c/reports/3dad3456-f07f-48f1-a5d5-8c314c23dfc8/overview
Result
Gathering data
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/2422d1cefd84f93d49e1f2285358f5779519d8e6e795f9b760a1bf8b7de2493c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2422d1cefd84f93d49e1f2285358f5779519d8e6e795f9b760a1bf8b7de2493c/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/2422d1cefd84f93d49e1f2285358f5779519d8e6e795f9b760a1bf8b7de2493c
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-02-25 19:22:24 UTC
File Type:
Text (Shell)
AV detection:
11 of 36 (30.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eqrndtx5qt4t2spb6iufgwhvo6krtwhg46k7tn3aug7yw7pcje6a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260225-x3b1xabx3d/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2422d1cefd84f93d49e1f2285358f5779519d8e6e795f9b760a1bf8b7de2493c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2422d1cefd84f93d49e1f2285358f5779519d8e6e795f9b760a1bf8b7de2493c

(this sample)

Mirai

elf 7cdf9b7eb8e2e7d3348c078254983128382e292b94fc93ddc34ec57ff171b506

  
URLhaus
https://urlhaus.abuse.ch/url/3779635/
  
Delivery method
Distributed via web download
  
Dropping
MD5 a53a4562413a863be84ac7264d9f29ab
  
Dropping
SHA256 7cdf9b7eb8e2e7d3348c078254983128382e292b94fc93ddc34ec57ff171b506

Comments