MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4e10e54d7ce8d5b5e3334b12166ceaa6e55105733ca528f0eb942511b466a43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

SHA256 hash: b4e10e54d7ce8d5b5e3334b12166ceaa6e55105733ca528f0eb942511b466a43
SHA3-384 hash: afe57f9dd97c0348da3bab261187134dc4de0f7457aa2d2516b518278c0c2954cc9a9db94612af98c5c01855f875343a
SHA1 hash: 410a7697d82db6bfdb0fcc506c1e508d6f942d24
MD5 hash: 09aa80508fe0b18baa894c7bbe268348
humanhash: saturn-snake-hamper-spaghetti
File name: li
Signature: Mirai
File size: 669 bytes
First seen: 2025-06-28 10:05:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:YURUKJUSNIl5PUf0LKOUSBU9U014U4tVR9UQBXU4Ba:YURUKJUSNI7PUqKOUSBU9U0qU4tJUAUd
TLSH: T1C6011AAE287178E64A399E56B0738754702C96CDFA758F08A94F58BE8DD7B00341CF45
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: sandbox process graph (raw graph data not reproduced here)
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-06-28 13:11:28 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh, b4e10e54d7ce8d5b5e3334b12166ceaa6e55105733ca528f0eb942511b466a43 (this sample)

Delivery method: Distributed via web download
