MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0d28fa012bc03a711c4c7c5b720a4a631468fd6a3e4983af2c31a586546f534. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0d28fa012bc03a711c4c7c5b720a4a631468fd6a3e4983af2c31a586546f534
SHA3-384 hash: 0e7174e265742cba1936bd70545b8ca5a6cd5f5a84d5d4ee003e37e0530c0a2ec349a9a1a0f9a08f6c2c7e1f4d18a8e5
SHA1 hash: 35bfbea922f64f69e03b3e3ba0b2bee984944b1b
MD5 hash: ba296048a801830ef8cdfdc504b2efeb
humanhash: grey-fanta-snake-monkey
File name:zyxel.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'188 bytes
First seen:2025-10-18 05:53:02 UTC
Last seen:2025-10-19 09:15:19 UTC
File type: sh
MIME type:text/plain
ssdeep 12:6SCwaLCuNIQQACzvK2HCI50FEC9CI5CDHClKACwHCwcACG8AUn:sNIvKU50F3giJmxn
TLSH T12F2136FA00255218A8045B21745D49295CFBEBD160369AF896BEE47362CBDA4F311F35
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://213.209.143.167/UnHAnaAW.armc7c87d459cc5b520b3a46450a0fecf6d36d846994c1ea1b9c6cc8fceb772b507 Miraielf mirai
http://213.209.143.167/UnHAnaAW.arm58f4cc08c2665eea2fbf8f6571d2003201845ca4d27eed4f66e55079fc7edd37d Miraielf mirai
http://213.209.143.167/UnHAnaAW.arm6557c913d03aa64790ea3ca66c01684cbe17cece15e50539307ce6789dd3d9d4f Miraielf mirai
http://213.209.143.167/UnHAnaAW.arm7289d71e0d077e1473836ebbd89a69fcd646c9e860f16c2c63b7abf090d8a4a02 Miraielf mirai
http://213.209.143.167/UnHAnaAW.m68k0930ef784776826bd7920386cdaa6fee14af8530f1f64b695338f70e77a33630 Miraielf mirai
http://213.209.143.167/UnHAnaAW.mips625534a1125a9ab0c459a395907df84307b303345edf1c60cce1b3d4ebf47bd5 Miraielf mirai
http://213.209.143.167/UnHAnaAW.mpsl79822204c6f2bdccbfa228ba1c8b343fa927a425eb7a061a0c3b220f12181fd9 Miraielf mirai
http://213.209.143.167/UnHAnaAW.ppcn/an/an/a
http://213.209.143.167/UnHAnaAW.sh4fe5b60917c992253bdcc935a5a2dab13391cf63c45680e2c5bf5b52e0a9f18c3 Miraielf mirai
http://213.209.143.167/UnHAnaAW.spcd01d9cb2aa57fef2752c753c62dfde895eead5a578f983fb265bf0d27fd066c1 Miraielf mirai
http://213.209.143.167/UnHAnaAW.x865c4b64e559c1332e9f65c611909524c68ad73d63878cd6e36602c17303d0985b Miraielf mirai
http://213.209.143.167/UnHAnaAW.x86_64n/an/an/a

Intelligence

File Origin
# of uploads :
2
# of downloads :
36
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox mirai
Link:
https://www.filescan.io/uploads/68f32bfe3a79800405e9b45e/reports/554bb9cd-fcbd-411a-85fd-85304aca530e/overview
Verdict:
Malicious
File Type:
text
First seen:
2025-10-18T03:09:00Z UTC
Last seen:
2025-10-18T05:46:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/a0d28fa012bc03a711c4c7c5b720a4a631468fd6a3e4983af2c31a586546f534/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/a0d28fa012bc03a711c4c7c5b720a4a631468fd6a3e4983af2c31a586546f534
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0d28fa012bc03a711c4c7c5b720a4a631468fd6a3e4983af2c31a586546f534/
Threat name:
Linux.Trojan.Alevaul
Create hunting rule
Status:
Malicious
First seen:
2025-10-17 23:11:00 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=udji7iasxqb2oeoey7c3oifeuyyund6wupsjqoxsymnfqzkg6u2a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251018-gmvv3sdj3t/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a0d28fa012bc03a711c4c7c5b720a4a631468fd6a3e4983af2c31a586546f534

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a0d28fa012bc03a711c4c7c5b720a4a631468fd6a3e4983af2c31a586546f534

(this sample)

Mirai

elf c7c87d459cc5b520b3a46450a0fecf6d36d846994c1ea1b9c6cc8fceb772b507

  
URLhaus
https://urlhaus.abuse.ch/url/3680635/
  
Delivery method
Distributed via web download
  
Dropping
MD5 6a18d266d28f43a7a5b35b623e917365
  
Dropping
SHA256 c7c87d459cc5b520b3a46450a0fecf6d36d846994c1ea1b9c6cc8fceb772b507
  
URLhaus
https://urlhaus.abuse.ch/url/3639155/

Comments