MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4144a9a3906ac0daccf1f19f53002e6ff3118ce9ce069938174d81b40ce40bf4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: 4144a9a3906ac0daccf1f19f53002e6ff3118ce9ce069938174d81b40ce40bf4
SHA3-384 hash: c0f7a41227b1ffeb7f26c4786fefec7cfd53550f106499b47cce96a9ba83284cd8f8add43289b28541d7f0a3e6530d09
SHA1 hash: a5c4a07a6628d34f34ca3fccb2a4e8c3a2caec88
MD5 hash: 2c1164b35569e6e36ee4f3ec05889e85
humanhash: violet-failed-video-leopard
File name: o
Signature: Mirai
File size: 447 bytes
First seen: 2025-07-28 20:22:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:wuzeJwmMSfmMS02mMS9umMSfhmMSfcmMSs:wuzeJw0beWGe9H
TLSH: T10AF0659296447871F8CFB0A3BA47CB4F857150D70C135C30F848D5A8DC84C786C91F45
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

URL: http://103.176.20.59/mips
Malware sample (SHA256 hash): 7cd5fb5b6d94ac2acf16f8904f6f307f47710df1d51129d55e70590a52dcf823
Signature: Mirai
Tags: elf gafgyt mips mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 26
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph (process tree, execve unless noted):
/usr/bin/sudo (pid 3755)
  /tmp/sample.bin (pid 3766)
    /usr/bin/rm (pid 3769)
    /usr/bin/wget (pid 3772): net send-data, write-file; send: 132B to 103.176.20.59:80
    /usr/bin/chmod (pid 4022)
    /usr/bin/dash (pid 4023, clone)
    /usr/sbin/xtables-nft-multi (pids 4027, 4068, 4098, 4101, 4102, 4106, 4110)

Threat name: Script.Trojan.Malgent
Status: Malicious
First seen: 2025-07-28 21:42:55 UTC
File Type: Text (Shell)
AV detection: 4 of 24 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 4144a9a3906ac0daccf1f19f53002e6ff3118ce9ce069938174d81b40ce40bf4 (this sample)

Delivery method: Distributed via web download
