MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 426ac46e2e709cee13d92136890f5ddc0f32a935f222c2daa0d18465c51f3421. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	426ac46e2e709cee13d92136890f5ddc0f32a935f222c2daa0d18465c51f3421
SHA3-384 hash:	2dc186cb04267a3cdf3f69b9ddc25402216aa3203a9bc0dbb8f3ae5b5c95df75d6cf6fb9da79de5ee58d14008a087ddc
SHA1 hash:	3cbf87919b05d53f6127ec97110739b51fdb96e5
MD5 hash:	6784acc922750994065bac59a978e9bd
humanhash:	pennsylvania-ten-jersey-hotel
File name:	faith
Download:	download sample
Signature	Mirai Create hunting rule
File size:	709 bytes
First seen:	2025-06-26 05:48:35 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:NLGEULnWKDbnPZw5ZMoOF7+MB05L7pZDx7gDNk8Rj7XCx7XRDNk8R9:sEUSIbK5zOt+MB0h1Z1WkMU7ky
TLSH	T1BF01CBCE6162CC308C925DEA79534519F48DD7C536CF8EC8B1CE4132E99CD083092F5A
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://158.51.126.131/mips	n/a	n/a	elf gafgyt mirai ua-wget
http://158.51.126.131/mipsel	68b7a90ca3d6b4034d4428ee1483178d9a69171090087523ecd8d2314aa60603	Mirai	elf gafgyt mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.32150.LX.BOT.UNOFFICIAL

Verdict:

Clean

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=685ce00fb06783b9ebd7e2e5linux22vpnfull_triage

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/685cdf6ad1f1eb5d81c6ac70/reports/f3114106-23c6-4563-a3e3-433ddc164bed/overview

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/9379c960-9dc0-4de3-b605-e1f1fcaedf53

Behavior Graph:

Download SVG

Score:

94%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/426ac46e2e709cee13d92136890f5ddc0f32a935f222c2daa0d18465c51f3421

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/426ac46e2e709cee13d92136890f5ddc0f32a935f222c2daa0d18465c51f3421/

Threat name:

Linux.Trojan.Generic

Status:

Suspicious

First seen:

2025-06-26 05:52:28 UTC

File Type:

Text (Shell)

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ijvmi3roocoo4e6zee3isd253qhtfkjv6irmfwva2gcglri7gqqq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250626-gkytysfk4t/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/426ac46e2e709cee13d92136890f5ddc0f32a935f222c2daa0d18465c51f3421

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.