MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae3354cd9bbb37d0974a45e8160a0c3dd15ca407a8b5c71ce20d3e6c4c9dc27f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 7



SHA256 hash: ae3354cd9bbb37d0974a45e8160a0c3dd15ca407a8b5c71ce20d3e6c4c9dc27f
SHA3-384 hash: e5b562dd1dafde2c1aba8657d8549f051f5ca2502d095220736de64a8aa9f1ec18b6c8f3246845db080e8a3300a59245
SHA1 hash: c6dc865ca76cd87d63d380524d6ec84b1c1bbf78
MD5 hash: 5dc03e6c9d67d5f3b3499d31604abb4d
humanhash: seventeen-high-uranus-speaker
File name: bins.sh
Signature: Mirai
File size: 1'891 bytes
First seen: 2025-09-01 15:19:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:Uo8o8csVQmHeRoEKB536YN0uVCLQqwONI14ksNc4KlAxec6PsLihrUFiIm3xv:UJJxRjE636YNBCLha4JXUA5vL0UxIv
TLSH: T14F4141D9636326372DE2DA5776794004B1C0E0C6A8CAEE1DFDDD35E80D8DF4E6005A87
Magika: csv
Reporter: abuse_ch
Tags: sh
URL                               Malware sample (SHA256 hash)                                       Signature   Tags
http://45.138.16.158/bins/px86    2a1a0b761c5b4e72740aab0db74380f445dbcd58aa0f9e18ffead9e723da0910   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/pmips   6f484e15134d6b9e612f93a5f43dd204a856a972ac6591ad8a1770819df42286   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/pmpsl   d5cc2a96f20eb01fe0d6d0e06765c74537d3ad8ec7b14ec9adefa0a2becd0462   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/parm4   n/a                                                                n/a         elf ua-wget
http://45.138.16.158/bins/parm5   39b6b6d9ffecbf4123bbce9254ef52a53f687faf00b8256997cb581c9db9d97a   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/parm6   b3a6eb3bd474954fcb2a25090e80142c86f6788d2a4aded225321a2d7951b0c6   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/parm7   18acb7139009692c66fb66c620e0e34844df497860a57e8b7095b1769ca592d4   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/pppc    1e9e0a6980fedc848bb6ce1c52dec9bb0aabc31d50af8d7ec80af4216db6d239   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/pm68k   8e0d462132373f6e6c2878e939219ffc58b58092e8a9f678cbea6ac8af167da6   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/psh4    c4c891e901ec7309decc54c9a5a5c94485a3736a806ecffef7dd2e1c6ffe1d5d   Mirai       elf mirai ua-wget
http://45.138.16.158/bins/pspc    143f046b9e8f9d09399912aab6363c5ac4f001dea9a601684447ee03cf63ab3b   Mirai       elf mirai ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
File Type: text
First seen: 2025-09-01T12:35:00Z UTC
Last seen: 2025-09-01T12:35:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph: (rendered as a process graph on the original page; the process tree and network activity recoverable from it follow)

/usr/bin/sudo (pid 5103)
  execve -> /tmp/sample.bin (pid 5111)
    execve -> /usr/bin/wget (pid 5113; net, send-data, write-file) -> 45.138.16.158:80, send 137B
    execve -> /usr/bin/chmod (pid 5139)
    execve -> /tmp/px86 (pid 5141; delete-file, net) -> 8.8.8.8:53
      clone -> /tmp/px86 (pid 5142; net, send-data, zombie) -> 8.8.8.8:53; 45.138.16.158:18129, send 10B
        clone -> /tmp/px86 (pid 5144)
        clone -> /tmp/px86 (pid 5145)
    execve -> /usr/bin/wget (pid 5146; net, send-data, write-file) -> 45.138.16.158:80, send 138B
    execve -> /usr/bin/chmod (pid 5210)
    clone  -> /usr/bin/dash (pid 5211)
    execve -> /usr/bin/wget (pid 5213; net, send-data, write-file) -> 45.138.16.158:80, send 138B
    execve -> /usr/bin/chmod (pid 5214)
    clone  -> /usr/bin/dash (pid 5215)
    execve -> /usr/bin/wget (pid 5217; net, send-data) -> 45.138.16.158:80, send 138B
    execve -> /usr/bin/curl (pid 5221; net, send-data, write-file) -> 45.138.16.158:80, send 87B
    execve -> /usr/bin/chmod (pid 5230)
    execve -> /tmp/parm4 (pid 5231)
    execve -> /usr/bin/wget (pid 5232; net, send-data, write-file) -> 45.138.16.158:80, send 138B
    execve -> /usr/bin/chmod (pid 5233)
    clone  -> /usr/bin/dash (pid 5234)
    execve -> /usr/bin/wget (pid 5236; net, send-data, write-file) -> 45.138.16.158:80, send 138B
    execve -> /usr/bin/chmod (pid 5237)
    clone  -> /usr/bin/dash (pid 5238)
    execve -> /usr/bin/wget (pid 5240; net, send-data, write-file) -> 45.138.16.158:80, send 138B
    execve -> /usr/bin/chmod (pid 5241)
    clone  -> /usr/bin/dash (pid 5242)
    execve -> /usr/bin/wget (pid 5244; net, send-data, write-file) -> 45.138.16.158:80, send 137B
    execve -> /usr/bin/chmod (pid 5245)
    clone  -> /usr/bin/dash (pid 5246)
    execve -> /usr/bin/wget (pid 5248; net, send-data, write-file) -> 45.138.16.158:80, send 138B
    execve -> /usr/bin/chmod (pid 5249)
    clone  -> /usr/bin/dash (pid 5250)
    execve -> /usr/bin/wget (pid 5252; net, send-data, write-file) -> 45.138.16.158:80, send 137B
    execve -> /usr/bin/chmod (pid 5253)
    clone  -> /usr/bin/dash (pid 5254)
    execve -> /usr/bin/wget (pid 5256; net, send-data, write-file) -> 45.138.16.158:80, send 137B
    execve -> /usr/bin/chmod (pid 5257)
    clone  -> /usr/bin/dash (pid 5258)
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-09-01 15:20:53 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery       Signature   File type   SHA256 hash
Web download   Mirai       sh          ae3354cd9bbb37d0974a45e8160a0c3dd15ca407a8b5c71ce20d3e6c4c9dc27f (this sample)

Delivery method: Distributed via web download

Comments