MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bab88d9a4478eba6bf849f1a4b0a1e54c96e18eee677502c2d5642028f63f2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 4bab88d9a4478eba6bf849f1a4b0a1e54c96e18eee677502c2d5642028f63f2e
SHA3-384 hash: 02db86b99ea676c1991cb98c619e74ad28a3c0b8c8ea61fce2345f668360a60f7f800974ea7a2a80d9664e016c8b6811
SHA1 hash: 7109b83970f71d956c6dfaea84c3312bbeaee911
MD5 hash: 6e6a4d7cdce2ad606fd6901ea367b8fc
humanhash: iowa-lithium-football-nineteen
File name: l
Signature: Mirai
File size: 609 bytes
First seen: 2025-09-19 18:08:18 UTC
Last seen: 2025-09-19 22:18:49 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:ydfJAKo4ugZENI3dgZihpgZRohlugZH1xZmTo3xJfy:y4KcyENItyyyRoTuyH9KUK
TLSH: T11CF044DAD0041D1275449EC4D83F82F4750D9CF2824CAE9D5D4E3A7EB39C520BA6A548
Magika: html
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://109.205.213.5/kvariant.arm7 | 95c84d2cb01247b415f57c19c291ff83f7f2e5da207db1fe775ae6df6f8414fe | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm6 | 464e01d54829277f90c3a6079e7296056090aff9f57d5b399903470f40628536 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm5 | b348e5b70ab7e0d8bb74afbd7749daaab6d7becf6854dfc75486a71da1430ab9 | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.arm | 376ca979cb4140b86393ee85cf7f66f18f5cee9ad886102ac207238e88562c6a | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.mips | 2567a20e3f0ef8975cd3858233f0e5dc17c1dfd38c00dad365079532a2628b6b | Mirai | elf mirai ua-wget
http://109.205.213.5/kvariant.mpsl | e50556949a508ce964676b0b8c9b075abc11bb649fbfa8849e25de5c6c6c54c0 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 2
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-19T17:02:00Z UTC
Last seen: 2025-09-19T17:02:00Z UTC
Hits: ~10
Status: terminated
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-09-19 18:00:02 UTC
File Type: Text (JavaScript)
AV detection: 11 of 24 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4bab88d9a4478eba6bf849f1a4b0a1e54c96e18eee677502c2d5642028f63f2e

(this sample)

  
Delivery method: Distributed via web download
