MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ae36969795c94c8bf41da40fa68dc5f21fab3b485e90f79646c67ec054b54b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 4ae36969795c94c8bf41da40fa68dc5f21fab3b485e90f79646c67ec054b54b6
SHA3-384 hash: 766166e049c8f1473fb53681903f3fad927742f7264c2f1b6cc5077fa8bf588bc3a4d8f4887660b0803c4d3246597919
SHA1 hash: 4e47e70bccfb36c4be9134f0ba62995ed649c275
MD5 hash: 44dd7869b4fbd32af1e7f864844b2b75
humanhash: spaghetti-lake-single-dakota
File name: yarn
Signature: Mirai
File size: 4'440 bytes
First seen: 2025-05-16 16:44:44 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vz8MV4klz91V4RzrOrWV4czAoV4azE0EEV4EezUkV4+z91V4RzJZV49ziSV4szyj:vV7bW3PpD4TEpe3NfaXEXfNlz0/Axq
TLSH: T1D79127E93534576A2DA1ED7369D7C652F28521AAE1CC0D0BF2D2F0E5444DF62FC84B82
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: backdoor agent overt spam

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai obfuscated

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-05-16 16:45:31 UTC
File Type: Text (Shell)
AV detection: 24 of 37 (64.86%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:unstable antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
UPX packed file
Enumerates active TCP sockets
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (194127) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4ae36969795c94c8bf41da40fa68dc5f21fab3b485e90f79646c67ec054b54b6

(this sample)

Delivery method: Distributed via web download
