MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4122ddc6ca9b9ce83bf29a2f98a946fb2115faa1f097f665b833fc7aecd912aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4122ddc6ca9b9ce83bf29a2f98a946fb2115faa1f097f665b833fc7aecd912aa
SHA3-384 hash: f93509dc5eebf4abacdf6ad0caee7fa2c0f3a0e592b290e60f658a2222dce6c62cd0f75a58a1aa6619411d5bc2873323
SHA1 hash: 8eb43c376fb2e4320247514695c565e27eab9818
MD5 hash: 1147992be8b943b9feff075603ce973f
humanhash: high-virginia-nine-magnesium
File name:pulse
Download: download sample
Signature Mirai
Create hunting rule
File size:2'863 bytes
First seen:2026-02-08 16:48:43 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:vNKNQKNqKN0KNuKNBezEKNLKNqKNlKNkKNqKNPFUfKNjKNmKa:vNKNQKNqKN0KNuKN4EKNLKNqKNlKNkKb
TLSH T1B65180C4B392AA30EFB25D5A75F5401470E0F095E7C7EE85D0EC66BC054EF0D94A8BA2
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://158.94.210.195/bins/sora.x86725e13862af947197344fcb7ab345488a74762b936e841237df7f433fcbc31d8 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.mipsdec39ef87e6860891a50f3184cb34a0d6b9f80400091f181c68cefb2cdb3e4a4 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.x86_64163a4b5be84e43243e6ccf8c9244e24e04c3429308a563ab20423f2970c65c33 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.i468n/an/aelf ua-wget
http://158.94.210.195/bins/sora.i686ee98b5fd6ee15fe38e33baf14028d87592a86b3efa666d411bc283214b34dac2 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.mpsl96a33a462b4026fa48a0bf747fa37915c04d4bce7f9052effe1767559bf6fa24 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.arm4n/an/aelf ua-wget
http://158.94.210.195/bins/sora.arm57dcbe81f748cc63db9d293c2dedebb86a9fd2299d9bd50043437c5a75107a64b Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.arm63a9659465e555c2e7d6ded5e96b14301a7a1fadc539ea6a32383db5250cd5778 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.arm732de63a0ea3a16d33fa478b59d9ac4ca503eabff97a35c5a4d9fa6e841479c28 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.ppc824247c83d959b72bf2287af03ea5a96c496ff7eb077596e4d363e3e04994ced Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.ppc440fpn/an/aelf ua-wget
http://158.94.210.195/bins/sora.m68k5408fbe38b20d2a90df7f4da3f41224a7769ea9ed5ca00442c344afb64cc8306 Miraielf mirai ua-wget
http://158.94.210.195/bins/sora.sh47754516998ed27fc3572da4127e51c381f0ceba586e0b32da846c14fd604cb00 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
25
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

Result
Gathering data
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/4122ddc6ca9b9ce83bf29a2f98a946fb2115faa1f097f665b833fc7aecd912aa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4122ddc6ca9b9ce83bf29a2f98a946fb2115faa1f097f665b833fc7aecd912aa/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/4122ddc6ca9b9ce83bf29a2f98a946fb2115faa1f097f665b833fc7aecd912aa
Threat name:
Linux.Downloader.Morila
Create hunting rule
Status:
Malicious
First seen:
2026-02-08 16:45:10 UTC
File Type:
Text (Shell)
AV detection:
22 of 36 (61.11%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iern3rwktoooqo7stixzrkkg7mqrl6vb6cl7mznygp6hv3gzckva._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:sora antivm botnet defense_evasion discovery linux upx
Link:
https://tria.ge/reports/260208-vbss8sbv4a/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (46223) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/4122ddc6ca9b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4122ddc6ca9b9ce83bf29a2f98a946fb2115faa1f097f665b833fc7aecd912aa

(this sample)

Mirai

elf cf8251428340b51e9bc5dfb2ca525ac328f2a46846d1db580e3712f280f97a07

Mirai

elf 725e13862af947197344fcb7ab345488a74762b936e841237df7f433fcbc31d8

  
URLhaus
https://urlhaus.abuse.ch/url/3774592/
  
Delivery method
Distributed via web download
  
Dropping
MD5 305495e9dc5bae2c8eb77eb3fd51d04c
  
Dropping
SHA256 725e13862af947197344fcb7ab345488a74762b936e841237df7f433fcbc31d8

Comments