MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4f94a47cb7e2e029fdbce6e5fffbac757c0694911e5dee251f39ae99287e4fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: b4f94a47cb7e2e029fdbce6e5fffbac757c0694911e5dee251f39ae99287e4fb
SHA3-384 hash: eab208e1ad0e5458a19ff7a7ea2f4fa8cb95f8ef6e45b62354d048756d9228dea38146523ec225c95d1b5fcfbe751100
SHA1 hash: ca0885cea9e642e52dad3758ed37c25ca1b87dfe
MD5 hash: 34181061ffe2ebcf9c297963d06ec447
humanhash: tango-echo-magazine-tennessee
File name: run.sh
Signature: Mirai
File size: 2'829 bytes
First seen: 2025-12-27 18:19:41 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:kEP4A42JMiR8RbiB+tNtuZGsGscvy8KHcNcbw5RPLv0/2LbAbhM3iAY:eX2JMuAbiBGDuZGubwk
TLSH: T1D25161AB23144B31F609954FB7F63376634EA0926EDBC604E944086D4ECBD4C36DDE84
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-vm evasive mirai
Verdict: Malicious
File Type: text
First seen: 2025-12-27T15:24:00Z UTC
Last seen: 2025-12-27T15:34:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-12-27 18:20:27 UTC
File Type: Text (Shell)
AV detection: 8 of 24 (33.33%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b4f94a47cb7e2e029fdbce6e5fffbac757c0694911e5dee251f39ae99287e4fb

(this sample)

  
Delivery method
Distributed via web download
