MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 caf58623fa44a2e4388569c63bb627b67fb7996e3f0cc0b2a2ced4688c6d0379. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: caf58623fa44a2e4388569c63bb627b67fb7996e3f0cc0b2a2ced4688c6d0379
SHA3-384 hash: 4933af2afcd14cf5c8030949d8f2d75d3197e39e1ec5295b556672de4eede9b0341cf86f2ea58464d3917f3c3fca3680
SHA1 hash: 08be2a67d87fc7fd7410ebf298e2dfc244882b95
MD5 hash: b35064e73073c55ef01c01838821d82e
humanhash: illinois-autumn-low-football
File name: sh.sh
Signature: Mirai
File size: 853 bytes
First seen: 2025-08-17 19:23:57 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:JVzqVXVSTF0V/wSTFhLBSTTjSTj5+STZ+STVtuSTdaMGjuSTw0FHSTLVIVn:n2X4GVvgfuHD9tdCJVyHVIV
TLSH: T1B30161AF11125E1202048E573271A678E804C3AE22B7CBDBEC6944778ECC5D9F19CEB7
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive masquerade
Verdict: Malicious
Labeled as: Trojan[Downloader]/Shell.Agent
Threat name: Document-HTML.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-17 09:20:11 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh caf58623fa44a2e4388569c63bb627b67fb7996e3f0cc0b2a2ced4688c6d0379

(this sample)
