MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4118542e923070f543e63f847c85081a052c9786a3f8a265480d41011c4f829c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4118542e923070f543e63f847c85081a052c9786a3f8a265480d41011c4f829c
SHA3-384 hash: 6590446464d389fa70491e66adea83a78b1b10ae8ea3b5049f6f8370c41deddef653e4bdae0216cdaa5fa74c0e42b872
SHA1 hash: de00f7c0a8eac2c0b5132b849aa201a33e15678e
MD5 hash: 6fa439591c829bb1ef03ae7ca5d1ae1a
humanhash: alpha-william-one-fix
File name:x.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:725 bytes
First seen:2025-12-05 18:22:14 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:6h+0jUah+sLqUah+6NIl5zAUah+H0LKjUahFtaKAUah++7nUahVCUahPFEUahHjK:I+0go+sL7o+6NI75o+SKgoFtBlo+oUoc
TLSH T15E011EFE225E9275094C4D41F06E8818766B8BE66071CF4C644CB4B17698E247163F58
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://213.209.143.64/arm7effcd4169edfb6ee63f1ee384950a19fe8b3187e07a5e8849ef9e921dabb413 Miraielf mirai ua-wget
http://213.209.143.64/arm5c1a704fbb0fb0a441537da2e3571b21f697bc3cc371c985af7789737e3f3ef70 Miraielf mirai ua-wget
http://213.209.143.64/arm6d093e3e8633a4b992141153ba4a9189a0bcae6422e96141f6caeacf27dcd0655 Miraielf mirai ua-wget
http://213.209.143.64/arm7f6a697c5b3d4fd4a10ac00d2c1d95d5a42860aca0cd027f2c161c0a6a1103f0a Miraielf mirai ua-wget
http://213.209.143.64/sh41bde6e79df9ba33e31a7065024ae290361ff274a321cb28ca202b387000a1d47 Miraielf mirai ua-wget
http://213.209.143.64/arcn/an/aelf ua-wget
http://213.209.143.64/mipsbd9c65cc309aa6ef706f8c9681de4cc39c32aa4291072722519b6baab55f349b Miraielf HailBot mirai ua-wget
http://213.209.143.64/mipsln/an/aelf ua-wget
http://213.209.143.64/spc6368f9ffa69fba36d70a566253d2c4706457dcc86a49198953bfb2c7db5fb1ba Miraielf HailBot mirai ua-wget
http://213.209.143.64/x86ce527b630754a440a5e2bb447e34100818291bbc78513533429e148e580eac91 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
28
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox mirai
Link:
https://www.filescan.io/uploads/693322eabc15eab491f57c56/reports/32a60184-9231-4945-b281-b530e565b678/overview
Verdict:
Malicious
File Type:
text
First seen:
2025-12-05T20:50:00Z UTC
Last seen:
2025-12-05T21:02:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/4118542e923070f543e63f847c85081a052c9786a3f8a265480d41011c4f829c/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/4118542e923070f543e63f847c85081a052c9786a3f8a265480d41011c4f829c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4118542e923070f543e63f847c85081a052c9786a3f8a265480d41011c4f829c/
Threat name:
Linux.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-12-05 18:25:49 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iemfilusgbypkq7gh6chzbiidicszf4gup4kezkibvaqchcpqkoa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251205-w2ejzahy9g/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4118542e923070f543e63f847c85081a052c9786a3f8a265480d41011c4f829c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4118542e923070f543e63f847c85081a052c9786a3f8a265480d41011c4f829c

(this sample)

Mirai

elf b5aff27502187e841763ff681cf081d735f719a7c06b1dbb79d4a34bd494d850

  
URLhaus
https://urlhaus.abuse.ch/url/3726414/
  
Delivery method
Distributed via web download
  
Dropping
MD5 b80a5b557bc108aa69502b1bc220f5b3
  
Dropping
SHA256 b5aff27502187e841763ff681cf081d735f719a7c06b1dbb79d4a34bd494d850
  
URLhaus
https://urlhaus.abuse.ch/url/3727620/

Comments