MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251
SHA3-384 hash: e620b6608814d5c95a5b38564cce0410f82257b5e55a3e9190ec07b379e56f3089672aaff9fc75b9080716c2722a8cf5
SHA1 hash: 89b7a1fb9a4ce7184efd0fd91cb8aac5f944ecb1
MD5 hash: 2473c2a561acd57410f462f603dccfa0
humanhash: double-edward-rugby-july
File name:run.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:2'881 bytes
First seen:2026-02-08 14:53:23 UTC
Last seen:2026-02-08 20:10:51 UTC
File type: sh
MIME type:text/plain
ssdeep 24:oF2JM8mbiBsxuZnEKEnE2EhEy+YbwJoJUfvAhM3a:oF2JM8mbiBsxuZnncvyAYbw9AhM3a
TLSH T14A510E9B01089B319F0FCB9D77F431B95306B1E396DBC644E944099E5FC698C26CDE51
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnaarch64xnxn4034d3c1d40097edcfda1c7f97ff057dc11b8dc2f25a16e53bc2122cb6af07ae Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxni386xnxn411aec2600ebb8e2dff75750ea2c6ddba1e61188a9dd140de45fcf27fa9cc4aa Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnloongarch64xnxnc2a52b8b04f72b7c281232d32dcbc3756ad7f4a9d28bd2d42a394a4e628ddb3d Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnm68kxnxn516cc2dacae1a1d55ad57744aefc133d0b10b83033740c824fa827bc197735d7 Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnmicroblazexnxn314acaf706a13f709d8064d418248e10d9bf72416a64041389fd6ee6db39b748 Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnmipsxnxn03ce826ffbd8436e6cdb27e25a9c8483d677e608fa111b1d36a0379f1f3299da Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnor1kxnxn5284f88167faa897e66e1535c8a75962b6a89e767bad3b554f6b383093eeb029 Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnpowerpcxnxna3be89eae3abf909aadaa3d7021c77d491ed6425cc665725651be53131ba4ffc Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnriscv32xnxn037def81f4d4987a0c5fa5b5f10c8a7771111b3ca75d49cf2cc8daf7945c516b Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnriscv64xnxna7d2bbd8da4d8aa35b1e760b6f27289705840a0bf8507df2be3997445e0362e9 Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnsh2xnxncaaccc18a6befc7484853a9b74bc3529f50bd3cc37ce78071128fc92f4a15b9d Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnsh4xnxn329cec30ee710011f22b50e4c719d4bc0938ebdf5472eb166fff7d0bc1295728 Miraielf mirai ua-wget
http://91.92.241.232/bins/xnxnxnxnxnxnxnxnx86_64xnxn2f475bc50b4cf52ad87921d41b4171768b78e7dc76297a58683815aa5c747661 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
48
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/6988a396981ff1d38a4d34fe/reports/779ebb8c-6fc1-4fd3-b054-8b43a9da4ab2/overview
Verdict:
Malicious
File Type:
text
First seen:
2026-02-08T11:59:00Z UTC
Last seen:
2026-02-09T17:16:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251/results?tab=lookup
Score:
96%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251
Threat name:
Script.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-02-08 14:54:18 UTC
File Type:
Text (Shell)
AV detection:
5 of 24 (20.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wqplj6slcjypropwu4r5k7yuj4sph5tx4songqcvfktkjjcxwjiq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260208-r9y65afx7e/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b41eb4fa4b1270f8b9f6a723d57f144f24f3f677e49cd340552aa6a4a457b251

(this sample)

Mirai

elf 7a23b2b2a2ecd5a7768261b34d66fc9871d06ee77ebb9d72d3df4b842b2c0cf3

Mirai

elf 4294078f8a6f11bc1580f94b464cc5f5c58ad8b8f126116585fb6b2158bd8378

  
URLhaus
https://urlhaus.abuse.ch/url/3774518/
  
Delivery method
Distributed via web download
  
Dropping
MD5 fec9829cd790f272b6631f3cf0b5addd
  
Dropping
SHA256 4294078f8a6f11bc1580f94b464cc5f5c58ad8b8f126116585fb6b2158bd8378

Comments