MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3839ae560b31338ffea089499f316081605f4951cd980ae85354d370b797a1b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	3839ae560b31338ffea089499f316081605f4951cd980ae85354d370b797a1b3
SHA3-384 hash:	4ef071ad8ac7ca7d1fc33da45026df1dbe7597f77f812c9db9e91652633382dc0688622ed19f9aebcbf312205b96a34a
SHA1 hash:	6d9e42ab676515b997ed923202ef34a6cbc02e49
MD5 hash:	e920e8e746881012e701f528bd5f7e95
humanhash:	magazine-speaker-mockingbird-music
File name:	tbk
Download:	download sample
Signature	Mirai Create hunting rule
File size:	677 bytes
First seen:	2026-03-25 03:32:39 UTC
Last seen:	2026-03-25 06:39:57 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:BN1n1UoFaJewzpOWNn+031nviEU5JewtXpZt+JGy:7qB6BK
TLSH	T16D018FD20332EB75B8957D1970B1758A63C7FEA4219E6F8CF9B8492114598B0B801B69
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://162.248.102.107/n2/armv5l	471a9b058e62d97215ef1dd291d8a20f7993cc2b2d925989c1e351c5f539bc52	Mirai	arm elf mirai ua-wget

Intelligence

File Origin

# of uploads :

72

# of downloads :

23

Origin country :

DE

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox evasive

Link:

https://www.filescan.io/uploads/69c383cc78128e2f15dd683a/reports/9319a262-aa8b-4dd8-a0d4-f0eab1a6292a/overview

Verdict:

Malicious

File Type:

text

Link:

https://opentip.kaspersky.com/3839ae560b31338ffea089499f316081605f4951cd980ae85354d370b797a1b3/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/b8b7ab89-4d83-4114-8208-f60aa79912ff

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/3839ae560b31338ffea089499f316081605f4951cd980ae85354d370b797a1b3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3839ae560b31338ffea089499f316081605f4951cd980ae85354d370b797a1b3/

Threat name:

Script.Downloader.Heuristic

Status:

Malicious

First seen:

2026-03-25 04:26:41 UTC

File Type:

Text (Shell)

AV detection:

4 of 24 (16.67%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ha424vqlgezy77varfez6mlaqfqf6skrzwmav2ctktjxbn4xugzq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260325-hghh8sbs71/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/3839ae560b31338ffea089499f316081605f4951cd980ae85354d370b797a1b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 3839ae560b31338ffea089499f316081605f4951cd980ae85354d370b797a1b3

(this sample)

elf c7a44949071a475a85d9b6858afbbd7ac1e6405fd9857e376e220341eeb33b1e

elf 1ebb00f9161825d2827bc90a2efa80dae9911d26b01f38879a27f2176954ea2e

URLhaus

https://urlhaus.abuse.ch/url/3804517/

Delivery method

Distributed via web download

Dropping

MD5 c87638699d89be33d0d1b8cb7f1e664d

Dropping

SHA256 1ebb00f9161825d2827bc90a2efa80dae9911d26b01f38879a27f2176954ea2e

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample