MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d60066a9668633e2282b5ec5a8488e3bace69a804c54008f40aea93ed0e6d91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 4d60066a9668633e2282b5ec5a8488e3bace69a804c54008f40aea93ed0e6d91
SHA3-384 hash: 5e40eb711f42248635ecde1f8519479d6f1952af9946e8124929e46c1b7c025f7c9d2404ccfcd432aae4e0c9711193f2
SHA1 hash: 6045ddd8bf443ca1fc8e29a516f4d52c275da3f9
MD5 hash: 76af58e8a93762c3e5e263a9fc290289
humanhash: twelve-four-eighteen-neptune
File name: lil
Signature: Mirai
File size: 1'018 bytes
First seen: 2025-09-19 18:29:19 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:pwZhk/Zk/tk/Sonk/wI3lIyk/mzyk/Vk/v:pwZhkxkFkPkImXkZktkn
TLSH: T1761100EFB18995A20CD8874C39E7C919510485D311C4CE8FA86E0D32ED85B5EF4D8FD8
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://160.250.134.51/lol.mips | ec2242c3dd92d299c04f21243c9685d96eaabc917d09f6c1e579c899b3221716 | Gafgyt | elf gafgyt mirai
http://160.250.134.51/lol.mpsl | 0f0575b894231b41c986465bd3101f2c05cb9a7f1ff577f9b92a2454985b8897 | Mirai | elf mirai
http://160.250.134.51/lol.arm | c0313982e93c5f4dbe1514c4410eac77b2302b4848dd8854e72a62fef8fc40af | Mirai | elf mirai
http://160.250.134.51/lol.arm5 | f75c01945abef82829724fe5ba2090520e43b2b8823d2ae771d056d95cf3c473 | Mirai | elf mirai
http://160.250.134.51/lol.arm7 | 29ec58f2cb50f5dd50853b4ffe8f6df1c10f7f8e8aa4a37a7c24072acdd9717a | Mirai | elf mirai
http://160.250.134.51/lol.arc | 2779127d1abdde4a1746670be4adcb6db44dc017cda5ba1441453ff10fe39824 | Mirai | elf mirai
http://160.250.134.51/lol.aarch64 | 50d66c917e18e9d76926a8cf00633a426d8cde17b3385371f0fed14678d863f7 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 40
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-19T16:54:00Z UTC
Last seen: 2025-09-19T16:54:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: [process graph not reproduced; nodes: /usr/bin/sudo executes /tmp/sample.bin, which spawns /usr/bin/cp, /usr/bin/chmod, /usr/bin/rm (delete-file) and /usr/bin/dash; the dash children execute /usr/bin/busybox (net, send-data, write-file), which sends data to 160.250.134.51:80]
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-09-19 18:16:23 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4d60066a9668633e2282b5ec5a8488e3bace69a804c54008f40aea93ed0e6d91 (this sample)

Delivery method: Distributed via web download
