MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a633e2038bfa48b2357c52d4fee5fe1000f86c30ef0ab516768de91bab3fc466. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a633e2038bfa48b2357c52d4fee5fe1000f86c30ef0ab516768de91bab3fc466
SHA3-384 hash: 52eb2a8002b32d164dce27c74f96855996865882e050640e8e63f8025c92301b6a926973e180034fca7c7a8d8a6081b8
SHA1 hash: 47c6b0d14d6a519518d0d8cc0c32c0267c57fce2
MD5 hash: acaa5bcbc1549427d7f911035237d977
humanhash: zulu-edward-twelve-enemy
File name:fentbins.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'087 bytes
First seen:2025-12-01 21:21:30 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:uU1TQiqXZNBLBXs/uqlX/t3qXwx6dVfJP8pvNj4M:NR04Xh
TLSH T1DC1162CA1121448B4108DD4BB3920FF4F8B14F78BEDE4BA46E8849B583DD39C7875B84
Magika txt
Reporter juroots
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.130.215.101/fent.x8633147cc61aac5852fd5a8014314a886f807734fc1f8b61119f75cf8540149635 Miraimirai opendir
http://103.130.215.101/fent.spc44475d182097bf5f452d0fd941663f8028a241a4be7ad82a590c671ff08a2cce Miraimirai opendir
http://103.130.215.101/fent.sh449f8220b6a28cd74cfcf53e6e34245c4c73e0e0ae0766497ad915191f2a370d9 Miraiopendir
http://103.130.215.101/fent.ppcf79f501c76ccb19a1f4d8f2f91b58949f838e2e49d3214a6a787a5288e252432 Miraiopendir
http://103.130.215.101/fent.mpslb2ad36d5d9f18056c253a104565a3a988de52d82b08cd8547a18c8293621daef Miraimirai opendir
http://103.130.215.101/fent.mips759aac14167c4deb2eda88bb357c6a716b5f1a53c4210c70856baae2043fa6c5 Miraiopendir
http://103.130.215.101/fent.m68k64bb7bcc59152db9f9263c098e2cdf8b90713a368efcff2b2cdb9c1a850f8504 Miraimirai opendir
http://103.130.215.101/fent.arm702cb9570a733fd0117ec91f59428a0971eea9ff279f80c529bfc923927a6973e Miraiopendir
http://103.130.215.101/fent.arm66056c165cf9981d27a4912a271476aad63322d2301fd57517b238e6863da66f0 Miraimirai opendir
http://103.130.215.101/fent.arm551328e4d83b012bfae2157da4dc84fc5d16aa3b41d771fe75de41cbb38d5d17a Miraiopendir
http://103.130.215.101/fent.armc97cd2d3e456c860426ef82a3fee4fedebe9d16a56062719b2288ead527e0b0a Miraimirai opendir

Intelligence

File Origin
# of uploads :
1
# of downloads :
31
Origin country :
IL IL
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/692e070a3cf0944cdda7e7f6/reports/879cd0e8-8ff2-4ef8-9493-8c34c2fb150f/overview
Result
Gathering data
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/a633e2038bfa48b2357c52d4fee5fe1000f86c30ef0ab516768de91bab3fc466
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a633e2038bfa48b2357c52d4fee5fe1000f86c30ef0ab516768de91bab3fc466/
Threat name:
Script-Shell.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-12-01 21:22:18 UTC
File Type:
Text (Shell)
AV detection:
10 of 36 (27.78%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uyz6ea4l7jelenl4klkp5zp6caapq3bq54flkftwrxurxkz7yrta._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251201-z7znwasldy/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a633e2038bfa48b2357c52d4fee5fe1000f86c30ef0ab516768de91bab3fc466

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a633e2038bfa48b2357c52d4fee5fe1000f86c30ef0ab516768de91bab3fc466

(this sample)

Mirai

elf 33147cc61aac5852fd5a8014314a886f807734fc1f8b61119f75cf8540149635

  
URLhaus
https://urlhaus.abuse.ch/url/3722897/
  
Delivery method
Distributed via web download
  
Dropping
MD5 0880b70aa35fb5e74085f94e3809891f
  
Dropping
SHA256 33147cc61aac5852fd5a8014314a886f807734fc1f8b61119f75cf8540149635

Comments