MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a40aa67302ef55420e09deb2081f0f955addf840038480fd1943829a11793022. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: a40aa67302ef55420e09deb2081f0f955addf840038480fd1943829a11793022
SHA3-384 hash: 50140b3fbef345186faaf784d53a1693112d14bce4ef77cf22d19ee158c95635467752e6f910b6ed702b233449f2ab39
SHA1 hash: deb9963efd0c8c98c26e0e988970630dac9f9059
MD5 hash: f4cfebe27ec86927a6d34490614d39aa
humanhash: maine-undress-sierra-east
File name: t
Download: download sample
Signature: Mirai
File size: 275 bytes
First seen: 2025-08-22 08:03:28 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:aO4qIl21sg2jpj4z3tV2QlWK46S1T7og2Sh:t021snqtNNhSJ
TLSH: T1ACD012C9B8E97FC3C4001D01F171C490D197A20C0B9EC750EC660DA59CF1504B233A0B
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://45.153.34.225/armv4l | 0141128b40526b5f5be2f212679990e32819bab977fe3f7e5e0d9581a7a0ee39 | Mirai | DEU elf geofenced mirai ua-wget
http://45.153.34.225/armv5l | 08beb12ebf39658d900bdf775a3386cedda53dca87a6d1129e9fa60ab97c1305 | Mirai | DEU elf geofenced mirai ua-wget
http://45.153.34.225/armv7l | 402e39d3259b3ca882b2dda25ea1e7f8039fdfc7307be9f80331116bea023b41 | Mirai | DEU elf geofenced mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-08-22T09:29:00Z UTC
Last seen: 2025-08-22T09:29:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: (process graph rendering not reproduced) /tmp/sample.bin, launched via /usr/bin/sudo, repeatedly executes /usr/bin/rm, /usr/bin/wget, /usr/bin/chmod and /usr/bin/dash; each of the three wget processes connects to 45.153.34.225:80 and sends 134 B.
Threat name: Linux.Trojan.SAgnt
Status: Malicious
First seen: 2025-08-22 07:39:14 UTC
File Type: Text (Shell)
AV detection: 5 of 38 (13.16%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh a40aa67302ef55420e09deb2081f0f955addf840038480fd1943829a11793022 (this sample)
Delivery method: Distributed via web download

Comments