MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4a6eb0aec12764e95f22031d9086ec7bc5421dbde97591c172c04ad447d7e64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: b4a6eb0aec12764e95f22031d9086ec7bc5421dbde97591c172c04ad447d7e64
SHA3-384 hash: 408e5543d43e80b4563b30ddca2f908af2bdf63c659316004529d6a792c1b82d40d8ef5b3d37f4b9f8b35053a39f72f1
SHA1 hash: 30fece1846139e8d68e58b42a6708d5531997ff0
MD5 hash: 22c1116a028a37a8d907854ee4d76d7b
humanhash: double-autumn-california-pluto
File name: run.sh
Signature: Mirai
File size: 2'907 bytes
First seen: 2026-01-21 12:34:59 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:pc2JMvZbiBPYuZeENEnE2EhEiPBbwk3JUfgHhM3G:pc2JMvZbiBPYuZeecvyxBbwgHhM3G
TLSH T1AA5150DA41906771EA06854D77F031F4528BB1875BDF8748EB9C181CCEC9E8C7B85E50
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm evasive mirai
Result
Gathering data
Verdict: Malicious
File Type: text
First seen: 2026-01-21T06:34:00Z UTC
Last seen: 2026-01-21T07:00:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2026-01-21 12:01:11 UTC
AV detection: 5 of 38 (13.16%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
