MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4aca098bdfcd3ff9dc1ba3d15f6f461321c58a3dbb1d688ca731d95eac8e1ffa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	4aca098bdfcd3ff9dc1ba3d15f6f461321c58a3dbb1d688ca731d95eac8e1ffa
SHA3-384 hash:	7522c9fff02fb2f24485c47237fc1f40450ba806bb6f2d51da32f3668dd36c2eec8d150e5d6c7dd0142a72533816e526
SHA1 hash:	45818386c2be4a1d93cfacd8a22f69586ce92c0a
MD5 hash:	1dbcbcbb64d81965ecaebbebcfb6a1df
humanhash:	summer-spaghetti-bakerloo-summer
File name:	kla.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'560 bytes
First seen:	2026-05-08 18:48:59 UTC
Last seen:	2026-05-09 13:05:30 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:It8uvuWCw8k4k3w8SBdoKOw8by8w8fP+w88BOBw8xOw8yHCw8qSCz:ihGWXcVwKjX+zNwrr
TLSH	T1B631D4CA0B12A5306DA2D91F7EA4C809F3D5ADCFACC1294594D878E894DCF49EA42A43
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://89.32.41.16/bins/px86	f51d6a9837ac5868175ba0c57e7d2ef4a98e0d6131bef755f404c313ca049652	Mirai	elf mirai opendir ua-wget x86
http://89.32.41.16/bins/pmips	c5b338d9e78bb2152913a5f9b3ad682f3f7fd41e51793843f6600c546c536d61	Mirai	elf mips mirai opendir ua-wget
http://89.32.41.16/bins/pmpsl	44a0840a1f12163824e3a61c849c785741c1cb3be194abc937648a8e4a8d4d44	Mirai	elf mips mirai opendir ua-wget
http://89.32.41.16/bins/parm	5e30e4677b2b91eb0b57a646a14bd4fcbe8538967d44598347c7b157ee4f9115	Mirai	elf mirai ua-wget
http://89.32.41.16/bins/parm5	7e45e9769cb7f1db7b20cd3a06d61a2977e8f31e9774e0a4a70e048384041f58	Mirai	elf mirai ua-wget
http://89.32.41.16/bins/parm6	05445d58ae969fc9f98eeef8c2f7ba40ddbdbc6085934a05763e8c82584c26bf	Mirai	arm elf mirai opendir ua-wget
http://89.32.41.16/bins/parm7	f23ad05baffc1e5f13a87c8f800001c0b4b72a1c239aa2f77c3fe8c545402ea4	Mirai	elf mirai ua-wget
http://89.32.41.16/bins/pm68k	n/a	n/a	elf ua-wget
http://89.32.41.16/bins/psh4	c6486adf985db95d787e1e1b064465513aaa1fa582e24163b83324aab67a5725	Mirai	elf mirai opendir SuperH ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox medusa mirai

Link:

https://www.filescan.io/uploads/69fe30352fcb905ec2893d1d/reports/438796e3-18e1-4ee2-b0e1-c7dedb46b100/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-05-08T15:55:00Z UTC

Last seen:

2026-05-09T02:40:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.bc HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen

Link:

https://opentip.kaspersky.com/4aca098bdfcd3ff9dc1ba3d15f6f461321c58a3dbb1d688ca731d95eac8e1ffa/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/a7da1c07-4363-4f10-8a3d-28a5e03cacd3

Behavior Graph:

Download SVG