MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d1e2252ada0e0ea191886da648f75a7bb7471ac9c50c0d53144e74a99487019. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 4d1e2252ada0e0ea191886da648f75a7bb7471ac9c50c0d53144e74a99487019
SHA3-384 hash: 3d06d1d9fe44680ccf01d579085ebb86b78312f22da83826f089d480b1e94a867827cdedb75ebc1d44a0953dad7ed34a
SHA1 hash: 0e4587d497a4c3bafe5f642bc04b8cf167e49204
MD5 hash: df2a0c8dd2da0d1edb00e6108c483228
humanhash: ceiling-indigo-snake-hydrogen
File name: tx
Signature: Mirai
File size: 278 bytes
First seen: 2025-08-22 07:59:34 UTC
Last seen: 2025-08-22 21:31:55 UTC
File type: sh
MIME type: text/plain
ssdeep: 6:aO4qIl21sgSgpj4z3tVSgWK46S1T7ogSQ:t021sqqtPhSb
TLSH: T1A4D0EC8AE9E9BFC3CC001D02F1B18490D197A20C07AEC350EC660EA49DA1514B333E0A
Magika: shell
Reporter: abuse_ch
Tags: sh

Related URLs (download URL, malware sample SHA256 hash, signature, tags):

URL: http://45.153.34.225/armv4l
Malware sample (SHA256 hash): 0141128b40526b5f5be2f212679990e32819bab977fe3f7e5e0d9581a7a0ee39
Signature: Mirai
Tags: DEU elf geofenced mirai ua-wget

URL: http://45.153.34.225/armv5l
Malware sample (SHA256 hash): 08beb12ebf39658d900bdf775a3386cedda53dca87a6d1129e9fa60ab97c1305
Signature: Mirai
Tags: DEU elf geofenced mirai ua-wget

URL: http://45.153.34.225/armv7l
Malware sample (SHA256 hash): 402e39d3259b3ca882b2dda25ea1e7f8039fdfc7307be9f80331116bea023b41
Signature: Mirai
Tags: DEU elf geofenced mirai ua-wget

Intelligence

File Origin
# of uploads: 2
# of downloads: 32
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
File Type: text
First seen: 2025-08-22T05:25:00Z UTC
Last seen: 2025-08-22T05:25:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph: sandbox process tree (graph rendering omitted): /usr/bin/sudo launches /tmp/sample.bin, which repeatedly executes /usr/bin/rm, /usr/bin/wget (network send, file write) and /usr/bin/chmod, and clones /usr/bin/dash; each wget process sends 134 B to 45.153.34.225:80.
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Threat name: Linux.Trojan.SAgnt
Status: Malicious
First seen: 2025-08-22 07:39:01 UTC
File Type: Text (Shell)
AV detection: 4 of 38 (10.53%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
Signature: Mirai
File type: sh
SHA256 hash: 4d1e2252ada0e0ea191886da648f75a7bb7471ac9c50c0d53144e74a99487019 (this sample)

Delivery method: Distributed via web download
