MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4efde3869fbaa379965052f638afbe90ec25ce4e8ee9f315f23e945d1e0ac969. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5

SHA256 hash: 4efde3869fbaa379965052f638afbe90ec25ce4e8ee9f315f23e945d1e0ac969
SHA3-384 hash: 9fa3d3144bd93e22219a6293c0afd2e152833ef8277d04f9a642a29f652dba06bbd7a4d34fe9debd1b43524a9f41c076
SHA1 hash: fb180bdc3f071ab7265aa2726fdbcf5279975356
MD5 hash: ac710cf53fe9ad00c2c151ad41f3ea08
humanhash: cold-tennessee-six-pluto
File name: 1.sh
Signature Mirai
File size: 6'108 bytes
First seen: 2025-08-11 12:40:33 UTC
Last seen: 2025-08-12 11:27:21 UTC
File type: sh
MIME type: text/plain
ssdeep: 96:UftffDUnns3W8qjfSEFFFFFFFFFFFFFF1v11RWoosZWAkT1GB:n
TLSH: T10FC1EFCB12511DB46DB3996377FAA408B9CD90961CC5AEEAE8D83DF442CCD086580FE3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph (process tree and network edges, rendered from the sandbox graph):
  /usr/bin/sudo (pid 3642)
    execve -> /tmp/sample.bin (pid 3652)
      execve -> /usr/bin/wget (pid 3654) [net, send-data, write-file] -> 89.42.88.217:80, send: 138B
      execve -> /usr/bin/curl (pid 3814) [net, send-data, write-file] -> 89.42.88.217:80, send: 87B
      execve -> /usr/bin/cat (pid 4042)
      execve -> /usr/bin/chmod (pid 4043)
      clone -> /usr/bin/dash (pid 4044)
      execve -> /usr/bin/wget (pid 4055) [net, send-data, write-file] -> 89.42.88.217:80, send: 140B
      execve -> /usr/bin/curl (pid 4315) [net] -> 89.42.88.217:80, con (truncated in source)
Threat name: Linux.Downloader.ShWg
Status: Malicious
First seen: 2025-08-11 12:42:35 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: 4efde3869fbaa379965052f638afbe90ec25ce4e8ee9f315f23e945d1e0ac969 (this sample)

Delivery method: Distributed via web download

Comments