MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aeda42b413fe50a381d97e1108aa336ee6be8489888b2c2db4ebeddbdd4392f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	aeda42b413fe50a381d97e1108aa336ee6be8489888b2c2db4ebeddbdd4392f0
SHA3-384 hash:	293d18e84c8e62f004a2ef484df409ac5efaf8734e00aebc0313a07324ea96de935d2b669957017997fa3d4890f932ab
SHA1 hash:	c86726d6daeb5c25151887bb35caf291acdf4330
MD5 hash:	1fb4b632cb59507f74e03b1a730ccd39
humanhash:	nineteen-six-grey-muppet
File name:	c.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'017 bytes
First seen:	2025-12-25 19:18:58 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:oZXWsJWWW3bGNWWWtMNWWW2u8NIl5ONWWWLa0LK3NWWW1tODOmNWWWjpiVNWWWZL:m0T8NI7pKfDsiz+WA3t7dUP27
TLSH	T18D1151CE31911FB75A089F0CF577802855C3A8D8FD626DD1A3161C384CDB72DB528AB6
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://94.156.152.90/bins/arm	e0844b0cdf611d8a7521ff37ca40ab691a2c2c3e28a4b9571ff9456d5b5a2b77	Mirai	elf ua-wget
http://94.156.152.90/bins/arm5	f6fbf730c614f55b266174036c98d1827bc602c3c830ccff25454272c694b91f	Mirai	elf ua-wget
http://94.156.152.90/bins/arm6	46588e27520d4ff181d33bc7ff021903d1ecd13f376657f5db7af180ca2e3ac6	Mirai	elf mirai ua-wget
http://94.156.152.90/bins/arm7	c05ee431ce3abe70afdbf9710b0ab3864ecdd8de9f8697c077f956a39bdf8217	Mirai	elf ua-wget
http://94.156.152.90/bins/m68k	0fc0c0aa10d7f989ee6709c50908144d95b2c62ad512419f690652c906db8ed5	Mirai	elf mirai ua-wget
http://94.156.152.90/bins/mips	0f8f041acce3852c7ee78caffddcb4e941206b3c5b905bb5e6c061285ce08852	Mirai	elf ua-wget
http://94.156.152.90/bins/mpsl	d80d236e16bfef3dd5b8aacb4aff4226616be790c3b5dc2325af73e71d61441c	Mirai	elf mirai ua-wget
http://94.156.152.90/bins/ppc	14d5f0267f0ca1c67bdd8e3075ee3598e2ae7444c7f87bab0b862b3b5ee6ced7	Mirai	elf ua-wget
http://94.156.152.90/bins/sh4	439b5691344326a2b67d18c5414f27c50d2b5be2bba021a6c74fbd718fd956ce	Mirai	elf ua-wget
http://94.156.152.90/bins/spc	2951437574f0b44b68855462c650bc1d7b10fbaf36ed86e7a45faec38b87ee6e	Mirai	elf ua-wget
http://94.156.152.90/bins/x86	03ecda01330d867752a09c2e6118fed74a061d4f5222d492ab43640e0d36e6c4	Mirai	elf mirai ua-wget
http://94.156.152.90/bins/x86_64	c0fe3a9a893f48296e27f62bb47a35480d0255c5df46d2185963ce8552004535	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Linux.DownLoader.37.8540.11911.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-12-25T16:38:00Z UTC

Last seen:

2025-12-27T12:48:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/aeda42b413fe50a381d97e1108aa336ee6be8489888b2c2db4ebeddbdd4392f0/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/d5b9264a-c861-4814-9403-ada01ed40d21

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/aeda42b413fe50a381d97e1108aa336ee6be8489888b2c2db4ebeddbdd4392f0

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aeda42b413fe50a381d97e1108aa336ee6be8489888b2c2db4ebeddbdd4392f0/

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-12-25 19:20:22 UTC

File Type:

Text (Shell)

AV detection:

9 of 24 (37.50%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=v3nefnat7zikhaozpyiqrkrtn3tl5bejrcfsylnu5pw5xxkdslya._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:owari antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/251225-x1skwazpaj/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Enumerates active TCP sockets

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/aeda42b413fe/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.31

Link:

https://yomi.yoroi.company/submissions/aeda42b413fe50a381d97e1108aa336ee6be8489888b2c2db4ebeddbdd4392f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh aeda42b413fe50a381d97e1108aa336ee6be8489888b2c2db4ebeddbdd4392f0

(this sample)

Mirai

elf 46588e27520d4ff181d33bc7ff021903d1ecd13f376657f5db7af180ca2e3ac6

URLhaus

https://urlhaus.abuse.ch/url/3743569/

Delivery method

Distributed via web download

Dropping

MD5 fba5c3d80fd861fbcf488eccc6643f4f

Dropping

SHA256 46588e27520d4ff181d33bc7ff021903d1ecd13f376657f5db7af180ca2e3ac6

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample