MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40d6c4dc419915177203e998d2e0b492f470f7db13b45ca8342e8d69a35e44a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 40d6c4dc419915177203e998d2e0b492f470f7db13b45ca8342e8d69a35e44a0
SHA3-384 hash: 106057407bea382e28a7e90a4eb53fdd3019ddf8873656c13be754053ec22b4cb6dfbb3e53a1fe36e3a6e8dbbdf9dadd
SHA1 hash: 182f0e844ab91c0dc7608637b92d6b830ec03170
MD5 hash: e610ba439221d4ff69275551f3bf1fb8
humanhash: glucose-berlin-xray-uniform
File name: cat.sh
Signature: Mirai
File size: 1'680 bytes
First seen: 2025-08-22 05:53:05 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:jtqzuZm9NbG9m5SzHebm5KZdtlYBoCad69WRI:yJZdwv
TLSH: T1DA3144C9D3A09ED2C692CE60B871D7C893FD95CAAA91CBB0A44F1C61D8DE9407C3572D
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-08-22 03:41:35 UTC
AV detection: 11 of 38 (28.95%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux persistence
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Enumerates running processes
Modifies init.d
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 40d6c4dc419915177203e998d2e0b492f470f7db13b45ca8342e8d69a35e44a0

(this sample)
