MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48a8cd5c1d69148e386d03e8cf22a36e706e24864aa854dae488502873c85406. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6



SHA256 hash: 48a8cd5c1d69148e386d03e8cf22a36e706e24864aa854dae488502873c85406
SHA3-384 hash: b3fd7512f6bcd540369c56ec2a52123ad8f6f4f1162e8e4d9517ab9485daaa85539171e9d6dc7588c44ecfb901ecb0f7
SHA1 hash: b915550829ffbab4f3adb1331cbcb3dc7292040d
MD5 hash: c51c4c06c2e868c8e99ec8a417312ba1
humanhash: november-north-spaghetti-yellow
File name: pl.sh
Download: download sample
Signature: Mirai
File size: 741 bytes
First seen: 2025-11-10 17:22:50 UTC
Last seen: 2025-11-10 21:55:13 UTC
File type: sh
MIME type: text/plain
ssdeep: 6:SAkjKALtL0BXCYHHuQtttLm/lGBf9GjOV9VmDVq0FjBWx7d1sdHtdNd28d2/d2d:c9XADIjOkU7ot3ky
TLSH: T14101938E9220552EA8ECDD3C35FD0500FC39858834A21B28ECD8483784D6961BD98E5E
Magika: csv
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-10T15:35:00Z UTC
Last seen: 2025-11-10T16:10:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: (rendered process graph omitted; it shows the sample run under sudo as /tmp/sample.bin, repeatedly spawning wget, chmod and dash, then executing the downloaded main_x86 and main_x86_64 binaries, which perform DNS lookups and open outbound connections)
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-10 17:12:49 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: sh
SHA256: 48a8cd5c1d69148e386d03e8cf22a36e706e24864aa854dae488502873c85406 (this sample)
