MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a4b38802ce59185df1fa14d20c94b3cd0baf0125896c2f5a17bcdac07bb5a5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8



SHA256 hash: 5a4b38802ce59185df1fa14d20c94b3cd0baf0125896c2f5a17bcdac07bb5a5f
SHA3-384 hash: 03a424b4931d96faae5fb00765970499846f99038c5ad3c55e8bb224bc71f436dc438d7ef5fab36aa2d100e76902eaea
SHA1 hash: 63b86a2a687ea959df1017d7dd7127063c4f6e16
MD5 hash: a2d2ddaddd667577c06c259ea65a1447
humanhash: lactose-potato-kilo-alanine
File name: res
Signature: Mirai
File size: 298 bytes
First seen: 2025-11-08 17:09:33 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hftJ+pUKUF2RVYrV/jkOYf53ICUH3FoF/fkVKhOXqIKXD73IKX+N1IEWYq1IKBKW:ZtJ+jRaV7Y7F0ghsOTh4WYO8W
TLSH: T134E0C299FC530837B8B58CBA77DB2455A54B924B6E06988A728B520EEEE4960A060453
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-08T14:16:00Z UTC
Last seen: 2025-11-09T01:27:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.Shell.Agent.bi, HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.bc
Status: terminated
Behavior Graph:

Threat name: Linux.Downloader.MiraiB
Status: Malicious
First seen: 2025-11-08 17:10:09 UTC
File Type: Text (Shell)
AV detection: 18 of 37 (48.65%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256: 5a4b38802ce59185df1fa14d20c94b3cd0baf0125896c2f5a17bcdac07bb5a5f (this sample)
