MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f
SHA3-384 hash:	43775ed43b51cebd004e37f4be175230ef60043075a6497b134316db62008d8b854f40456a4a5f3175387314e7005b5f
SHA1 hash:	bf8352067aef2068f431b79998d5f6d8daa75b80
MD5 hash:	c65b79d82832842acf9ef18d1cad71cd
humanhash:	early-november-hamper-ten
File name:	lil
Download:	download sample
Signature	Mirai Create hunting rule
File size:	833 bytes
First seen:	2025-09-23 04:50:58 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:pavZIGDNk/P/HDNk/P1l1hDNk/PYIjIYIMDNk/P/I4DNk/P/HDNk/v:pmZLk/xk/tPXk/g6nk/Xfk/hk/v
TLSH	T16D0112FF518DD4900E598B4D79D3C92DA10189D331C4EE4BA86E0D32BD84A5DF499F9C
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://160.250.134.61/lmips	8e8239ebc8b41e0cb7f7452f6293f5a5dd4d2f7bd706df0f9e399413e8df328b	Gafgyt	elf gafgyt
http://160.250.134.61/lmpsl	aea8ad044799f08ef2a9d6bf1617de28d4669ba1fea99f308550af3c87b70349	Gafgyt	elf gafgyt
http://160.250.134.61/arm	86c913791bb43de279ba0ecacbe54a5ba85bfbc96a23824ff9c6fd6644f7def7	Mirai	arm elf geofenced mirai ua-wget USA
http://160.250.134.61/arm5	0841551fe33de70d71ebe9a6b62bc95ab0b532eff3e22b642d1d070055f45c3c	Mirai	arm elf geofenced mirai ua-wget USA
http://160.250.134.61/arm7	dd42fda90826e3f259b46e9817c9449571a35a4fe6a067440adc8051c250dfa5	Mirai	arm elf geofenced mirai ua-wget USA
http://160.250.134.61/arm6	bcc19143fe5857be60de591ccb65fdae6fb810b473440d0c38d8fcea9afddd5c	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

43

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Agent

Link:

https://www.hybrid-analysis.com/sample/5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f

Verdict:

Malicious

File Type:

text

First seen:

2025-09-23T02:58:00Z UTC

Last seen:

2025-09-23T02:58:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/8ae523b9-8175-4cd4-bc89-d4ef71dda3fa

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-09-23 04:32:44 UTC

File Type:

Text (Shell)

AV detection:

13 of 38 (34.21%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=li6tx5fnqi4isfkbeyhn46pkv36zpgsgia54wxrulsrcpag2gjpq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250923-k35a8swsfz/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 5a3d3bf4ad8238891541260ede79eaaefd979a46403bcb5e345ca22780da325f

(this sample)

elf 8e8239ebc8b41e0cb7f7452f6293f5a5dd4d2f7bd706df0f9e399413e8df328b

URLhaus

https://urlhaus.abuse.ch/url/3629769/

Delivery method

Distributed via web download

Dropping

MD5 1b678bbf886b92ac5e8a9340dd8a9865

Dropping

SHA256 8e8239ebc8b41e0cb7f7452f6293f5a5dd4d2f7bd706df0f9e399413e8df328b

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample