MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c8e10184effe9aaa7ccfb26febf1bc70f7e7aff2f83854f659b33bd95fe8701. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

SHA256 hash: 4c8e10184effe9aaa7ccfb26febf1bc70f7e7aff2f83854f659b33bd95fe8701
SHA3-384 hash: c88361072b4dc3af391f7baac50612d97261aa191ff4efbc0ded7400016313b3d8ecc952b563dcc231e3add5202155a8
SHA1 hash: 2909a6597380c449ab4738f85c65f65a520db09c
MD5 hash: bac0f2c3a1586ad4732b321413224f78
humanhash: east-comet-montana-nitrogen
File name: dvr.sh
Signature: Mirai
File size: 922 bytes
First seen: 2025-09-08 14:12:30 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:ToWBGhBh9Mk8QoW+Bkp/A5V+BE+/I/V7R+B78atkk0:ToGGhL8QoWQVD+wV7RJat/0
TLSH: T1A811BD99E680E3655816541CB2C7C22AF06B43F806A61A64FC0E6D74F78C898F861B36
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://42.112.26.45/skid.arm | d4b3bd0bdf411126d8f45352703c51de5631a35a84a688f7c1007c439ed5a782 | Mirai | arm elf geofenced mirai ua-wget USA
http://42.112.26.45/skid.arm5 | 255fbd59b1ec6bc04c211ec2a463e8a085cadae617cc3e8c5ec6c042ea0a2daf | Mirai | arm elf geofenced mirai ua-wget USA
http://42.112.26.45/skid.arm7 | ba590857bab1a0236965690c8f3ff4278e44cde6291259d466d1d9dc53320015 | Mirai | arm elf geofenced mirai ua-wget USA

Intelligence

File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-08T10:47:00Z UTC
Last seen: 2025-09-08T10:47:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph (process tree):
pid 4710 /usr/bin/sudo
  -> execve pid 4716 /tmp/sample.bin
       -> execve pid 4728 /usr/bin/rm
       -> execve pid 4731 /usr/bin/wget (net, send-data, write-file) -> 42.112.26.45:80 send: 135B
       -> execve pid 4881 /usr/bin/chmod
       -> clone  pid 4882 /usr/bin/dash
       -> execve pid 4887 /usr/bin/rm
       -> execve pid 4889 /usr/bin/wget (net, send-data, write-file) -> 42.112.26.45:80 send: 136B
       -> execve pid 5000 /usr/bin/chmod
       -> clone  pid 5002 /usr/bin/dash
       -> execve pid 5007 /usr/bin/rm
       -> execve pid 5008 /usr/bin/wget (net, send-data, write-file) -> 42.112.26.45:80 send: 136B
       -> execve pid 5139 /usr/bin/chmod
       -> clone  pid 5140 /usr/bin/dash
       -> execve pid 5144 /usr/bin/busybox
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-08 13:29:48 UTC
File Type: Text (Shell)
AV detection: 12 of 38 (31.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads system network configuration
Reads process memory
Enumerates running processes
Reads MAC address of network interface
Reads system routing table
File and Directory Permissions Modification
Executes dropped EXE
Renames itself
Unexpected DNS network traffic destination
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Web download
Mirai
sh 4c8e10184effe9aaa7ccfb26febf1bc70f7e7aff2f83854f659b33bd95fe8701 (this sample)

Delivery method: Distributed via web download

Comments