MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c266118e7e9a602a55478271b7893c607a961c01aa392d090311f253a1b9879. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 4c266118e7e9a602a55478271b7893c607a961c01aa392d090311f253a1b9879
SHA3-384 hash: f1a1b19a01e289289bf7f338091564e537795098226328780dbbfdab686c34e339d94f56c115c6b3817bcf0702500545
SHA1 hash: 08187ce8e3073e3ef0473e0f2d091ef0c9a18be2
MD5 hash: 4f49979bbcc3172f50126811941771ab
humanhash: river-neptune-white-hawaii
File name: weed
Signature: Mirai
File size: 3'472 bytes
First seen: 2025-04-08 09:26:53 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:pgLHM/ftNkAuLggUZfsfGND8eomwXgFz4dwXRCo4LFv:pgUftNCggffGNsFDasLFv
TLSH: T17B6116D939536F3A8A89EF02D3A3A574A43BCCB945740E8196EC51BCCDFED08243854B
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 97.4%
Tags: botnet mirai agent virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive expand lolbin remote

Threat name: Script-Shell.Downloader.MiraiA
Status: Malicious
First seen: 2025-04-08 09:32:16 UTC
File Type: Text
AV detection: 10 of 24 (41.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4c266118e7e9a602a55478271b7893c607a961c01aa392d090311f253a1b9879 (this sample)

Delivery method: Distributed via web download
