MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a04b02542313de5db70d5a87fcaf23a5c7d1cd58d9b931b5e6f7045f134708c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 4


SHA256 hash: a04b02542313de5db70d5a87fcaf23a5c7d1cd58d9b931b5e6f7045f134708c8
SHA3-384 hash: 5063e33fdf9c84214b3f2e972b6f394d4cf2aa22ccb81f28d8a1e2ed6178daae19b906cbad874d6053e3f1bda52afd5e
SHA1 hash: 67524eb382fc372dbd3aff1f7a083c58ced1d7fc
MD5 hash: 99be43e6da8dc2d592aff31a86a6689f
humanhash: autumn-potato-island-thirteen
File name: busybox.sh
Signature: Mirai
File size: 1'078 bytes
First seen: 2025-06-29 22:52:02 UTC
Last seen: 2025-06-30 10:06:08 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:yaBiSaBpSaBYGNIN/SaBMKnSaBGSaBPSaBdQSaBwZSaBFlSaBSSaBr1U:yaBiSaBpSaBQSaBMsSaBGSaBPSaBdQSR
TLSH: T1E2118EDF0159792304399D5174256819B9AEC6E4B8E48A18F8CDC6B3EBB983C65B0F48
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://api.chanlevip.site/skibidi/cutearm | e8a2007f726373f3ab9c26fbd0da9a0ab9432de9657b0e9d21963ca255ef649c | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutearm5 | 6826c146e45304506c616518c6c35b38bd556bc14edd6dbeaaa1c9fa915aa964 | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutearm6 | 18c3c243c39f09f3ff6caea44607cf9cdf18c113c97574b29eb0dec2648d9a75 | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutearm7 | 83d6be2c21b1875029e42430450f9ae32392cfeb57dd5c8e2c7196a822c220b2 | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutem68k | fb0e3a8fa69b5466273abbb40fe4a4a5f5a043581a0b429b6265cbb725217d89 | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutemips | e6c7f7799fff67f2464a74eb3e78a4cfb46368fe16792d83855eb2896c4d95ea | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutempsl | d94c14e9241c0c918726b5b10a3dfc5fc3d55baadbe91688fa2f7be3ed7b2ad3 | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutepowerpc | n/a | n/a | n/a
http://api.chanlevip.site/skibidi/cutesh4 | 8f56c46013d66fd63e96eabea5c37ef266d0a9dcd523fe566d6247f14a818826 | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutex86 | 35ea949b87d8d18df1c660357ce6fe966d9f3c4f2d7f7660f61ff48ee8ec55cb | Mirai | elf mirai ua-wget
http://api.chanlevip.site/skibidi/cutex86_64 | d5a3f32567d026b8af40102db17912a6e8638304377edcb9dd6ed3972b3d158e | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 2
# of downloads: 94
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph (process tree and network activity recovered from the graph dump):
  /usr/bin/sudo (pid 2907)
    execve -> /tmp/sample.bin (pid 2914)
      execve -> /usr/bin/busybox (pids 2916, 3036, 3105, 3224, 3323, 3428, 3573, 3722, 3810, 3994, 4100): dns, net, send-data, write-file (pid 3722: dns, net, send-data)
      execve -> /usr/bin/chmod (pids 3030, 3097, 3221, 3319, 3422, 3567, 3715, 3806, 3984, 4097, 4315)
      clone -> /usr/bin/dash (pids 3032, 3099, 3222, 3320, 3424, 3569, 3717, 3809, 3985)
      execve -> /home/sandbox/cutex86 (pid 4099)
      execve -> /home/sandbox/cutex86_64 (pid 4318)
      execve -> /usr/bin/rm (pid 4319): delete-file
  Network: each of the busybox processes sends 72 B to 10.0.2.3:53 and between 96 B and 100 B to api.chanlevip.site:80.
Threat name: Document-HTML.Trojan.Egairtigado
Status: Malicious
First seen: 2025-06-29 22:52:32 UTC
File Type: Text
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Signature: Mirai
  File type: sh
  SHA256 hash: a04b02542313de5db70d5a87fcaf23a5c7d1cd58d9b931b5e6f7045f134708c8 (this sample)

Delivery method: Distributed via web download

Comments