MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5494a2d092bc5694e3bc2f9c1520b2db68265a6f088fb7ec07eedcdfd4ec9ab3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 5494a2d092bc5694e3bc2f9c1520b2db68265a6f088fb7ec07eedcdfd4ec9ab3
SHA3-384 hash: 1fc60d6bbcd5130e8563302a27ae259c1a61a355b3f89a2cd1626a138604bc0668d93a28d8855522031e217c5683538b
SHA1 hash: ca05f6cb5000ded4c004e73879a2679d33c88d11
MD5 hash: 1f0a117ca08c000325741e88cc3e0f9c
humanhash: hot-pizza-oregon-xray
File name: brr
Signature: Mirai
File size: 190 bytes
First seen: 2025-12-21 15:14:07 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 3:LxAjdVZfImWBFSHEom+bMUDbGBFgxAjdVZfI8QGFSHEo8QLKwoVWLDbXxjKpXDjL:L6gm9E1+bpiBFg6g8Q9ErQLKwoVWsUQh
TLSH T157C0C9DA33013B40808CB87525B6384A28E0C9071B75077F8D90C072C485934F73CA5C
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.64/nabmips | 0a88879aa3613f41f84b0bd79e7e1d5a5f536c89c99eb9422b618449f100ab2e | Mirai | elf mirai ua-wget
http://130.12.180.64/nabmpsl | f62a5901c3882b255bcfd37c4c5c8988fd2139ca48e454a3cc90d5aa2c27e7d3 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-21T12:31:00Z UTC
Last seen: 2025-12-23T12:48:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
pid=3128 /usr/bin/sudo -> pid=3135 /tmp/sample.bin (execve)
pid=3135 /tmp/sample.bin -> pid=3137 /usr/bin/wget [net, send-data, write-file] (execve)
pid=3135 /tmp/sample.bin -> pid=3150 /usr/bin/chmod (execve)
pid=3135 /tmp/sample.bin -> pid=3152 /usr/bin/dash (clone)
pid=3135 /tmp/sample.bin -> pid=3157 /usr/bin/wget [net, send-data, write-file] (execve)
pid=3135 /tmp/sample.bin -> pid=3164 /usr/bin/chmod (execve)
pid=3135 /tmp/sample.bin -> pid=3166 /usr/bin/dash (clone)
pid=3135 /tmp/sample.bin -> pid=3170 /usr/bin/rm [delete-file] (execve)
pid=3135 /tmp/sample.bin -> pid=3172 /usr/bin/rm [delete-file] (execve)
pid=3137 /usr/bin/wget -> 130.12.180.64:80 (send: 135B)
pid=3157 /usr/bin/wget -> 130.12.180.64:80 (send: 135B)
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-21 15:33:27 UTC
File Type: Text (Shell)
AV detection: 4 of 24 (16.67%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai sh 5494a2d092bc5694e3bc2f9c1520b2db68265a6f088fb7ec07eedcdfd4ec9ab3 (this sample)

Delivery method: Distributed via web download
