MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ba16bd887bf342c1781d7ffd40eb0b01a67b7ac429eaa5f6ce115ee503afa69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 4ba16bd887bf342c1781d7ffd40eb0b01a67b7ac429eaa5f6ce115ee503afa69
SHA3-384 hash: 24395406558057caa374e52851a6bfee41f6d22da38cad80f99c2230ca1f61b9012bec61c4930ebccd11eb84858b9a23
SHA1 hash: 6458494bc2ff3fa6aba47bb8a5a19a921d3e2542
MD5 hash: 01e8610dac02b3a8498c1d5a49b0fab9
humanhash: lima-indigo-freddie-mobile
File name: zte
Signature: Mirai
File size: 2'184 bytes
First seen: 2025-02-16 12:16:56 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vJIzIIUeJIIIJHnLJIZImqIJJIeIfZhJIfI0wnsJIGIn9j9JIu6IoAQJIEIVXtJo:v0ZaHLW92LqcsW9hmhWdm1wxYZig
TLSH: T163418E891756C6753CF29E2A71E9880872B4B15739E06B85EDD83CB7404EF183C6BB4A
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: trojandownloader agent virus
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash lolbin mirai remote
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Mirai
Status: Malicious
First seen: 2025-02-16 12:17:20 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Traces itself
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download