MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a053bddb1ca68e39bd39e8aa0ee0430eaa73b2494392f696fb7bf4567ff45020. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: a053bddb1ca68e39bd39e8aa0ee0430eaa73b2494392f696fb7bf4567ff45020
SHA3-384 hash: 5adcea941c89f5c0a7ae7ea45bf991712f7538b7c773f9fe6a8c330a8787f36fa58e50affd65ec8ac1ee6366eee970d5
SHA1 hash: 0b8fdd19e32ccd0cac9a9edbc4a37d24ecd4abcd
MD5 hash: 41acb62a12d3f86cf1227bff5f7931b0
humanhash: neptune-ink-moon-tango
File name: run.sh
Signature: Mirai
File size: 2'881 bytes
First seen: 2025-10-31 18:48:36 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:2tQFKF2JMgyuybiBk+/+uZsxsxcvyuRYr/rbwjIgeglwDkAKAhM3g31:XA2JM7FbiBDWuZ/zbwC
TLSH: T1BC51819B01008B75E60CCA4FF7F2B534634FA0D29ADBCA88E950087C0EC7D4C7689E92
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence
Verdict:
Malicious
File Type:
text
First seen:
2025-10-31T16:29:00Z UTC
Last seen:
2025-11-02T10:46:00Z UTC
Hits:
~10
Threat name:
Linux.Downloader.Generic
Status:
Suspicious
First seen:
2025-10-31 18:49:36 UTC
File Type:
Text (Shell)
AV detection:
5 of 38 (13.16%)
Threat level:
  3/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a053bddb1ca68e39bd39e8aa0ee0430eaa73b2494392f696fb7bf4567ff45020

(this sample)

  
Delivery method
Distributed via web download
