MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41d4042eb24e5644f1a1f71a96db6ff0ecf85ebf5e6405374a477646f036ea28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 41d4042eb24e5644f1a1f71a96db6ff0ecf85ebf5e6405374a477646f036ea28
SHA3-384 hash: c768b70c64b39fdca5bb3b8569364a53be4489f8e807a0d5f9a7194c6d7a9215c3c4028c87a20559b981154254bce6cf
SHA1 hash: 5ce1a4ebc467b0bfe368fcc8f565da520fa95544
MD5 hash: 214c3873a5c74bfa0a482ad248f7e126
humanhash: fruit-kansas-yellow-echo
File name: huh.sh
Signature: Mirai
File size: 3'661 bytes
First seen: 2025-01-05 14:16:55 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:CxwR2wR1wR5wR0wR7wR6wRxkwRlwR2kwRowRSwROkwe:qXAk
TLSH: T1217183C7F875A5312C92981277F583147F9D8ED6C2E75EF5AADAEA68C1CCC00E2852C1
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug masquerade
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Mirai
Status: Malicious
First seen: 2025-01-05 14:06:16 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 41d4042eb24e5644f1a1f71a96db6ff0ecf85ebf5e6405374a477646f036ea28

(this sample)

Comments