MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f218141bad678653ce3dcc6a04d178f8933aabaea42ae3c40c347f5804d3588. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 4f218141bad678653ce3dcc6a04d178f8933aabaea42ae3c40c347f5804d3588
SHA3-384 hash: 600a303f85becb3435285b65d29c7c6cb7089b84b55d7d1628b57f021c576adbd926cd886f64db73199c49b90cdff4de
SHA1 hash: 93fe0605976d7f60726515be8bfb5f0ce7e1b175
MD5 hash: 10f4292de08aac78af70a64f4f59f665
humanhash: three-pizza-mockingbird-failed
File name: n3881.sh
Signature: Mirai
File size: 564 bytes
First seen: 2025-03-07 00:46:41 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:afWuE8bf0fWsQGkEd8JlrfWvEkKyEXMhfWIEqX3AWezZfWeNIxEnXSHkSfWD+Ekx:eWuE8rgWsQGkEGJlrWvEkScRWIEqnteu
TLSH T1E0F06DCC0063368684ACEC62F1F392E938108286961F5E8FFC854838C8CE924FD74BC8
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 159
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 81.4%
Tags: mirai agent hype sage
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash evasive lolbin
Result
Verdict: UNKNOWN
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-03-07 00:47:14 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments