MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fbeddcb7a39bea4cf59ed9575dc4638fa8e567cef782d431ffebdcb919a7ff2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 4fbeddcb7a39bea4cf59ed9575dc4638fa8e567cef782d431ffebdcb919a7ff2
SHA3-384 hash: d6a640195a65c65d6ec4d8a419ee4892829fa1d7f42755dbd40e7f227f8b3ba243a1a64f7c9a534205838fa717de5bdc
SHA1 hash: 3c5966dd1b22906a1ec4f29154739824cb56330f
MD5 hash: 6515baa97ac936930b3464f5691f69b3
humanhash: sad-echo-oregon-bakerloo
File name: dvr
Signature: Mirai
File size: 1'582 bytes
First seen: 2025-09-03 04:14:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:sF+l/2rvQT/2emc/2gAd/25HBtl/2n8t/226s/2MX/2Df7/2lR/2zu2O/2L:eiF7JcN8K8t5PSLAUuZg
TLSH: T1503181CA54A096B67CE49E8B756AC80E7016E58E1DCA5F89DECC31FD58DCD81B061703
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Verdict: Malicious
File Type: text
First seen: 2024-04-14T16:45:00Z UTC
Last seen: 2024-04-14T16:45:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 3290) -> execve -> /tmp/sample.bin (pid 3297); /tmp/sample.bin (pid 3297) -> execve -> /usr/bin/rm (pid 3299); /tmp/sample.bin (pid 3297) -> execve -> /usr/bin/busybox (pid 3302)
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2024-07-04 04:23:08 UTC
File Type: Text (Shell)
AV detection: 17 of 36 (47.22%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download
