MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e9bafda509d4763d5d78f6758c3c61fccdc7f4fdea5f9dcbda8c054e64fadf2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 6

SHA256 hash: 4e9bafda509d4763d5d78f6758c3c61fccdc7f4fdea5f9dcbda8c054e64fadf2
SHA3-384 hash: 49024d5dd9c650e9bd5d3693ddeb3545c7b2a94ec330dff68265ef7431b713dcde00b5788bfcfafefb35a39897e39e78
SHA1 hash: 4d5f2980a9ddf8f7b9f6ce6af13c3ae31bd086bb
MD5 hash: 04d2e28d2fc4e8ce41d864bcf0f47da9
humanhash: floor-oscar-low-lemon
File name: c.sh
Download: download sample
Signature: Mirai
File size: 718 bytes
First seen: 2025-08-01 12:40:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3sSUEPAQsSYIxapFEQsSvTAQsS/AK9HQsSNKAQsSU/lQsSpqqnQsSDmPQsSfq0:3J3s5ccnGaMhrK9N9cdHWvt11KySR
TLSH: T15F015E8F19DB72D296AC4D9CB26BC25CE541D1C8F0F717C9E1548C649194311F0D8BB6
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph: (rendered process graph omitted) /usr/bin/sudo (pid 3012) execve's /tmp/sample.bin (pid 3017), which runs ten cycles of execve /usr/bin/curl, execve /usr/bin/chmod and clone /usr/bin/dash, and finally execve's /usr/bin/rm (delete-file, pid 3135).
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent

Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-08-01 12:31:49 UTC
File Type: Text (Shell)
AV detection: 6 of 37 (16.22%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256: 4e9bafda509d4763d5d78f6758c3c61fccdc7f4fdea5f9dcbda8c054e64fadf2 (this sample)

Delivery method
Distributed via web download

Comments