MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53481078d0091b99c1102b01149e3034c190995ebea21fc26f8899c7fcd2452d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53481078d0091b99c1102b01149e3034c190995ebea21fc26f8899c7fcd2452d
SHA3-384 hash: 2a09c65094f8f0fd5f877d82244f5a042abcf8111dc6d0a2a509fe847d099951bddababa35e15231c20eb615c61890be
SHA1 hash: 985aa8f686b0fa7ad4bcce225044722e3e2516a4
MD5 hash: 752753133c56ecaf27339242cce1b37e
humanhash: cola-lake-grey-zulu
File name:f
Download: download sample
Signature Mirai
Create hunting rule
File size:2'106 bytes
First seen:2026-04-15 21:31:46 UTC
Last seen:2026-04-16 05:07:16 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 48:mDf7DIH7Dr7DW7D57DO7DJ7Di7De7Dh7DzGDfGDIHGDrGDWGD5GDOGDJGDiGDeG0:mDf7D47Dr7DW7D57DO7DJ7Di7De7Dh7/
TLSH T13B41205E01493C84C04CD43A3397861EB0A85BDA18AF4B97AEE405BD90F8CCE7935E4A
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://93.95.115.14/splarm889648ff2939921071925b0b2da652784e939fd3b42e6c775e2fe7644a83cec7 Miraiarm elf mirai ua-wget
http://93.95.115.14/splarm553bae1d7791fa29270ff00f59b3a32b2f676c699f1ebd77d7f681cabe87d3232 Miraiarm elf mirai ua-wget
http://93.95.115.14/splarm68af3bba4ba06cf7fde6e50a4a1312f3acc9975e5c6b078cad8a98c8fc8915e36 Miraiarm elf mirai ua-wget
http://93.95.115.14/splarm7f625fb09f4e2b0f0293eaf262a7e9d19ef2973792249c8eec139876c73ac212f Miraiarm elf mirai ua-wget
http://93.95.115.14/splm68k54dd4bf12c8fb35b09df06f3de33ab8dfff5e5cb682d1f38baf532f5716396ed Miraielf m68k mirai ua-wget
http://93.95.115.14/splmipscb8d90fad2651742d19e49bf137ac8f08b2b27a86bd21423b9581a9029a3200e Miraielf mips mirai ua-wget
http://93.95.115.14/splmpsla54e6668cd82259813246bdab7b9b028eb670c016d991f361caff7aaf98b0e38 Miraielf mips mirai ua-wget
http://93.95.115.14/splppcbdf829d6547f18c50fd48ad9a5f8776632c30107da4a0143d77248538466535b Miraielf mirai PowerPC ua-wget
http://93.95.115.14/splsh4173af8c8680cdf956849932df46300f3aee391bcc5aca2610fbb4e909f7a71e6 Miraielf mirai SuperH ua-wget
http://93.95.115.14/splspc558174cf658e20e4a889a6d64667d9db05e1bfecefa9890f0ff6677032fa3c49 Miraielf mirai sparc ua-wget
http://93.95.115.14/splx8618b6f291240a98103a3a4dd12ae63202b3d009fab5d5f49fb90deac0b495c77b Miraielf mirai ua-wget x86

Intelligence

File Origin
# of uploads :
65
# of downloads :
13
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/69e06fc2799d5bf325018fc6/reports/efe615bf-35c2-45a8-a225-aa161e76da9f/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-04-15T18:45:00Z UTC
Last seen:
2026-04-16T03:36:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/53481078d0091b99c1102b01149e3034c190995ebea21fc26f8899c7fcd2452d/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/280722d7-e8ff-4bb7-a668-8430a857048c
Behavior Graph:
Download SVG
%3
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/53481078d0091b99c1102b01149e3034c190995ebea21fc26f8899c7fcd2452d
Gathering data
Threat name:
Script-Shell.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2026-04-15 22:48:57 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kneba6gqbenztqiqfmarjhrqgtazbgk6x2rb7qtprcm4p7gsiuwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 53481078d0091b99c1102b01149e3034c190995ebea21fc26f8899c7fcd2452d

(this sample)

Mirai

elf 889648ff2939921071925b0b2da652784e939fd3b42e6c775e2fe7644a83cec7

  
URLhaus
https://urlhaus.abuse.ch/url/3822950/
  
Delivery method
Distributed via web download
  
Dropping
MD5 d28513c57588d0262bc039e77245d70f
  
Dropping
SHA256 889648ff2939921071925b0b2da652784e939fd3b42e6c775e2fe7644a83cec7

Comments