MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b217ae8c78148261db1ff58677c970ade2a4239f4e0df5aab01bf77da663e2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 4b217ae8c78148261db1ff58677c970ade2a4239f4e0df5aab01bf77da663e2e
SHA3-384 hash: 7c5bda757de8479af760561c17c9c45ca17e8844f1c084dfe2b1272931b1e0b5c6e770451592cd0df812ca0724054109
SHA1 hash: c3cf95240c3a5216707b1b7e0b1bfc91d97c3e68
MD5 hash: 9dd0f44134f8e749847d217ea99fe14c
humanhash: spaghetti-mississippi-california-solar
File name: 0x83911d24Fx.sh
Signature: Mirai
File size: 2'509 bytes
First seen: 2025-04-17 04:59:05 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:q0FHo8cPFKX0FOZsBxCMFKX0FqibpYFKX0F/JeFKX0FCLMHJFKX0FkiG8FsFKX0t:veO6XCWqeEqtkc2DRYSJoYckfj
TLSH: T1EF51EC8520A7C939BDD59521A1A6407CF75BD09264CAFF22E7F738B881CDD0C3654D83
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: downloader shellcode agent

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: mirai

Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-04-17 05:00:15 UTC
File Type: Text (Shell)

AV detection: 23 of 38 (60.53%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:demons antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4b217ae8c78148261db1ff58677c970ade2a4239f4e0df5aab01bf77da663e2e

(this sample)
