MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251
SHA3-384 hash: e620b6608814d5c95a5b38564cce0410f82257b5e55a3e9190ec07b379e56f3089672aaff9fc75b9080716c2722a8cf5
SHA1 hash: 89b7a1fb9a4ce7184efd0fd91cb8aac5f944ecb1
MD5 hash: 2473c2a561acd57410f462f603dccfa0
humanhash: double-edward-rugby-july
File name: run.sh
Signature: Mirai
File size: 2'881 bytes
First seen: 2026-02-08 14:53:23 UTC
Last seen: 2026-02-08 20:10:51 UTC
File type: sh
MIME type: text/plain
ssdeep 24:oF2JM8mbiBsxuZnEKEnE2EhEy+YbwJoJUfvAhM3a:oF2JM8mbiBsxuZnncvyAYbw9AhM3a
TLSH T14A510E9B01089B319F0FCB9D77F431B95306B1E396DBC644E944099E5FC698C26CDE51
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Result
Gathering data
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2026-02-08 14:54:18 UTC
File Type: Text (Shell)
AV detection: 4 of 36 (11.11%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments