MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e4c3a5757edc5e67d5c1062df5cae1f30ff274a8091449faf5b4df44ad28e2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: 2e4c3a5757edc5e67d5c1062df5cae1f30ff274a8091449faf5b4df44ad28e2b
SHA3-384 hash: ad305cf079316a8acb4e4bfc8f96c28cccbdd468b397aa39b51edeae2cc5e8983483cc978b6b0e4b6dd66a71ab95b083
SHA1 hash: 2eeefed951f82456544d40c58068674e175f1069
MD5 hash: f267ba3b60d71b8e327e2d67e1cda1b8
humanhash: music-idaho-item-kentucky
File name: w.sh
Signature: Mirai
File size: 861 bytes
First seen: 2025-08-27 06:14:52 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:nlxaWTXTWTONIpM5WT2KlRWT5WTmsWTrWT8WTqWT83WT26O:HaWLTWxuWSURWVWRWPWQWWWw3WiH
TLSH: T1FD11D2DA43A235B202948FC5746AAC14B044DAC07647DA5CFDCC09B95ECBB6A7129F8F
Magika: html
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Threat name: Document-HTML.Trojan.Alevaul
Status: Malicious
First seen: 2025-08-26 20:27:15 UTC
File Type: Text (Shell)
AV detection: 16 of 38 (42.11%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
