MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4b4583c2952c0394de9482e9f1a648f4a3ccf3199ce765c2b3c1b45b7a00b80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	a4b4583c2952c0394de9482e9f1a648f4a3ccf3199ce765c2b3c1b45b7a00b80
SHA3-384 hash:	193066a945d633d260f731080006d5e9f826a755ff4d39c96abcefc9877659c5756f7d79330d4bc0734ccafc171f0e34
SHA1 hash:	61e427b8e6c2252ebfccfa23fa971c1747bb7a0d
MD5 hash:	31b84cdacb95ef4ed06611978ff742d7
humanhash:	winner-paris-william-stream
File name:	l
Download:	download sample
Signature	Mirai Create hunting rule
File size:	692 bytes
First seen:	2025-04-18 13:39:09 UTC
Last seen:	2025-04-18 23:32:06 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:3rWKIw+u5ZMoOF7+MB05vOpNDNkpjNwyTyygDNkpjN8Tvn:yRk5zOt+MB02kpxkkpx8jn
TLSH	T1080147CE10A88D77A8818DFB72925914A9C9C0C91BC9CE84609E003AB5CCD4C79A2E76
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://82.24.200.45/vv/armv4l	85d832b76ffa7623c5d14c0010db35fc9ea43aabd189731671c04ac5f3fb5cf2	Mirai	elf mirai ua-wget
http://82.24.200.45/vv/armv7l	45fe3faa7904cacf5f7a3d63385aebad6890f8913b8dabe91f29956be44c3e99	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.DownLoader.2324.1998.26690.UNOFFICIAL

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68025c00280f5f89a0d155f6linux22vpnfull_triage

Tags:

mirai virus agent hype

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

busybox evasive mirai obfuscated

Link:

https://www.filescan.io/uploads/6802560789fec6b88b9f16fd/reports/0540b75e-5eb4-4845-885a-b8d50a43274a/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/a4b4583c2952c0394de9482e9f1a648f4a3ccf3199ce765c2b3c1b45b7a00b80

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/a4b4583c2952c0394de9482e9f1a648f4a3ccf3199ce765c2b3c1b45b7a00b80

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a4b4583c2952c0394de9482e9f1a648f4a3ccf3199ce765c2b3c1b45b7a00b80/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-04-12 12:16:42 UTC

File Type:

Text (Shell)

AV detection:

8 of 38 (21.05%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=us2fqpbjkladstpjjaxj6gter5fdztzrthhhmxblhqnuln5aboaa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250418-qzrtmaxmt9/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a4b4583c2952c0394de9482e9f1a648f4a3ccf3199ce765c2b3c1b45b7a00b80

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.