MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73406d8eadcbde8f10aec314da9b3db03e2ca249f7762a4425ceda5462097626. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 73406d8eadcbde8f10aec314da9b3db03e2ca249f7762a4425ceda5462097626
SHA3-384 hash: 5068f3ba9750bbcb2b195c7aaa4cb683d53a8cb092dafd333388b4f89c9b2b6dce9e0a2f780e26918c56627d3dea6c1e
SHA1 hash: 4855c712df1e74c25d1f518f48ce7b1f9d25c5d7
MD5 hash: 5d65f901163a09315d091e7dc194785b
humanhash: uniform-orange-black-hot
File name: telnet.sh
Signature: Mirai
File size: 1'379 bytes
First seen: 2026-01-04 08:01:30 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:ZxyBLBnBw0BNw8BhvsoBH3Bm78BD20Bkm13BgK3BjP3B2o3BZi:Zw1Bw41hzRKQDR9rxlpI
TLSH: T1D52182D851F455B7DAC8AD09B1B6C79D504EC8C73EE394E1E8DC08A2EB83090F5E671A
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai

Verdict: Clean
File Type: unix shell
First seen: 2026-01-04T03:37:00Z UTC
Last seen: 2026-01-04T06:05:00Z UTC
Hits: ~10
Status: terminated

Threat name: Document-HTML.Hacktool.Heuristic
Status: Malicious
First seen: 2026-01-04 06:02:47 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 1/5

Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour:
- System Network Configuration Discovery
- File and Directory Permissions Modification

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 73406d8eadcbde8f10aec314da9b3db03e2ca249f7762a4425ceda5462097626 (this sample)

  
Delivery method: Distributed via web download
