MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e3cb6b19d5f76b471042b5647355e0ab7391a8bf11e8f1282f43f9e09ffb9db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 4e3cb6b19d5f76b471042b5647355e0ab7391a8bf11e8f1282f43f9e09ffb9db
SHA3-384 hash: 25647960d3ad41cac406bf3f67a7cd142d106b2adaa935f243800e6800f50a48928e79376d401f3ee66ece6cc229afce
SHA1 hash: 1da4534781f8ec7694169c24c4628db0269d7b01
MD5 hash: ac275ed37855fe9914ee95a0a614a8ea
humanhash: lake-cup-july-fifteen
File name: c.sh
Signature: Mirai
File size: 788 bytes
First seen: 2026-02-22 14:50:02 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3n2snW20H2TNIfK2zKlF2FtBs2Xh2Ve2h2gV2Zs2C2Sn:MCB0WklzUIlbXE/EgYZbdS
TLSH: T1940184CE216556372B6D4E94BAAEA2485980DAD236740D24DA7408B36CD4302779CF77
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash lolbin mirai
Result
Gathering data
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4e3cb6b19d5f76b471042b5647355e0ab7391a8bf11e8f1282f43f9e09ffb9db

(this sample)

  
Delivery method: Distributed via web download
