MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4385af7fd9bed87bf2b595d3d216d419d6d64b2c8095ac5831850de356dd3b3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 4385af7fd9bed87bf2b595d3d216d419d6d64b2c8095ac5831850de356dd3b3e
SHA3-384 hash: 8e168e772bf6a8edb058c061cae8dae0405ef7905ec3576802cfadce6927c6df696d2257b009b1ae14aefa8cab362479
SHA1 hash: e29c4b9790332c6bef2174e531bcef3d3eb8dd7a
MD5 hash: 4629c3e1df7d8f4229d84c07f3f1f180
humanhash: spring-arizona-massachusetts-steak
File name: massload
Signature: Mirai
File size: 1'770 bytes
First seen: 2025-05-07 17:27:03 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:QvZi4w8D0kq7izSj8vTkxWiOSOMvxfyzJ:AZiLfTQJ
TLSH: T1AF31FA987CA19F279601DF86F3324225B603DE8B80D00E5DA5AA107DDCBC918357AE1B
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-05-07 18:05:31 UTC
File Type: Text (Shell)
AV detection: 13 of 36 (36.11%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4385af7fd9bed87bf2b595d3d216d419d6d64b2c8095ac5831850de356dd3b3e

(this sample)

  
Delivery method: Distributed via web download

Comments