MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dbb6edddbca8a72fd6b1554d5737263cf93326262c296595c7d5c3cfb1604b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	4dbb6edddbca8a72fd6b1554d5737263cf93326262c296595c7d5c3cfb1604b1
SHA3-384 hash:	ab7ba675cd6284393a8ec1c2f3ec28dcdaaf67e120a93a8045b10dfe80391a9d5c9a574ae978f9ccae8f7647ccae837d
SHA1 hash:	1460416650877a66e1934a97df624a687faddf52
MD5 hash:	b8d895382ce7725fc43b505b312fd095
humanhash:	paris-hydrogen-india-bluebird
File name:	kla.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	5'101 bytes
First seen:	2026-02-26 15:17:15 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	96:2RKhEcfEnsTE11XACXAkjLNxz7XfNx3/pN3V:2Mu
TLSH	T14EB150C922930AB43DE7DC2371AA8814B5C8B186EDC58F15E0DCF4FA658DF097941AB3
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.148.120.23/bins/px86	cc4f1e1578165b42103d59dae083d27107599c75462477ecaa1923bcd0684097	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/pmips	cf1b3c8d3fa0c89c58af0e7f48eddd1d8c206bd002d1accb0af540a6e2921bee	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/pmpsl	8dc52499441b6194c01a41a006a486098a8e48f9ca4c06f415e3e53969b89207	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/parm	cefdc085851a7317ef39e5df0c5bf71f34ed557ae3691f9518d9e7277e89325f	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/parm5	981f05a7e5352b228cfd175fcdcb27e5c066fbf21b2e942680922b87856ef431	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/parm6	b410fb0b506772a33b2ce29b4f13ad9af1c38c513b10ac310f58faab65a3165f	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/parm7	3b15e851ec9b5d6a1d8122e3ec60b47b251051df98cb3f1dda492764422d0ed8	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/pm68k	f5db4505f9723b43e7332cbed2f9da2d60c323306bf9dd2f9e4e082c140aaf92	Mirai	elf mirai ua-wget
http://45.148.120.23/bins/psh4	521d9724680423f45631397d4185cd6be86abef5489eaab8be647cbf54186865	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox mirai

Link:

https://www.filescan.io/uploads/69a063fd10e80629d4f3e6f9/reports/e255b132-8d44-4c26-a106-7924a9204858/overview

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/5584f20f-4907-4bda-88e7-1885a45bfb57

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/4dbb6edddbca8a72fd6b1554d5737263cf93326262c296595c7d5c3cfb1604b1

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4dbb6edddbca8a72fd6b1554d5737263cf93326262c296595c7d5c3cfb1604b1/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2026-02-26 15:18:23 UTC

File Type:

Text (Shell)

AV detection:

5 of 36 (13.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jw5w5xo3zkfhf7llcvknk43smphzgmtcmlbjmwk4pvodz6ywasyq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/260226-sn58zsgv6b/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

UPX packed file

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/4dbb6edddbca/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4dbb6edddbca8a72fd6b1554d5737263cf93326262c296595c7d5c3cfb1604b1

(this sample)

Mirai

elf 43d1a78981f79627abee0e9ef40e6ae85b13b8a18a07c013aef529541af47439

Mirai

elf cc4f1e1578165b42103d59dae083d27107599c75462477ecaa1923bcd0684097

URLhaus

https://urlhaus.abuse.ch/url/3761924/

Delivery method

Distributed via web download

Dropping

MD5 2fd2f1b7b01bfb01b38f0bc756ecf816

Dropping

SHA256 cc4f1e1578165b42103d59dae083d27107599c75462477ecaa1923bcd0684097

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample