MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53fd4663cdcf57cef80ea33494f3b982a6fbdfca0306600696a1c7efdac2f9ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 53fd4663cdcf57cef80ea33494f3b982a6fbdfca0306600696a1c7efdac2f9ae
SHA3-384 hash: d12db8d1989d7c3fa3bcce6fb643f05a253b5d0ea42ed0f80102ad25cb2ab01efe46cdfc2c2b2fbe6e9bbf49095a70c9
SHA1 hash: af1fe0251a9df605fdd71ea8f1e7413e9b211837
MD5 hash: e424f4f1c1563f4c1a0f3a74b4ec3b91
humanhash: bacon-eleven-comet-friend
File name: bins.sh
Signature: Mirai
File size: 398 bytes
First seen: 2026-01-23 07:36:32 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SJDO2ebAhTu/DO2QSA1qDO2Saa6A3UDOTAASPnD1DOa6AAhDOo1A+eX4y:gD+QUDUSYqDO61DkQ/D1D8TDJ1YXT
TLSH: T19FE0ED8E64126782C6ABEE3BE063DC10F00BDBC105401F00F0C4AA37BCD8A893011AF9
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://bigbins.rebirth.st/arm | bda8da9591a4cddac8c94a60a84c012f7686855b8444465ec9b43a1b5b17eac1 | Mirai | elf ua-wget
http://bigbins.rebirth.st/arm5 | 974dfaab25bc4d94c689627e71183c128e6480f7cf1de13da329d4286a459dd9 | Mirai | elf ua-wget
http://bigbins.rebirth.st/arm7 | 6e6a2aa1f7858271d1926469a933bee846f5abf1da1661fc86d6954e885020a5 | Mirai | elf ua-wget
http://bigbins.rebirth.st/mipss | n/a | n/a | elf ua-wget
http://bigbins.rebirth.st/mipsel | 15da48c82e7b95da9e8c23c1ff0c90e70578da4a521a768dec60528d29235b37 | Mirai | elf ua-wget
http://bigbins.rebirth.st/x86_64 | 7a6ee78590313d7bb4d4a874cf76c71634e49939abfacbd34faba205b74e4063 | Mirai | elf ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive expand lolbin mirai
Verdict: Malicious
File Type: text
First seen: 2026-01-23T04:50:00Z UTC
Last seen: 2026-01-24T04:22:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Hacktool.Heuristic
Status: Malicious
First seen: 2026-01-23 07:37:32 UTC
File Type: Text (Shell)
AV detection: 3 of 36 (8.33%)
Threat level: 1/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 53fd4663cdcf57cef80ea33494f3b982a6fbdfca0306600696a1c7efdac2f9ae

(this sample)
