MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd
SHA3-384 hash:	60e1b37c404e224fcfceb43eedf0c74a5c055ac18cd89b0d4214853bea6144b03e554fda51fb9517cd3aec66cb90e175
SHA1 hash:	4b8af38ea9d432531b65e9d88e237120fbacea9e
MD5 hash:	07df55f5de109803242a96a84a6acc4f
humanhash:	item-sixteen-finch-four
File name:	ipcam.tplink.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'464 bytes
First seen:	2025-08-22 20:59:56 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:nlAVhpt3VhYYVhPuVhRFVhY7MVhv0Vh7KVhdwVhnPt/eIVhJkPzgIMAVhJSxVha:lUh/FhZh2hJh7hQhGhah5JhGNhmha
TLSH	T188314FCA985E720AA0F5CA417407DB248F0D8593AEC01FA4D6CD3CB9E74CD25F4E554C
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.69.194/kitty.armv7l	80e712507f9e79bfe2b455dc77350d5e4036946a0417225f6f4f3a2ff940d078	Mirai	elf mirai ua-wget
http://196.251.69.194/kitty.armv6l	c1ea896950b50eb46534a8a3aba9c0b6ac50483717822a8bae8eb439b576e94c	Mirai	elf mirai ua-wget
http://196.251.69.194/kitty.armv5l	955ff456db1482947fcaa4a2ca57a372e0ea3ab9e92a2c6c34c1a97b85269b50	Mirai	elf geofenced mirai ua-wget UK
http://196.251.69.194/kitty.mips	n/a	n/a	elf mirai ua-wget
http://196.251.69.194/kitty.mipsel	cb93ba4bdeca9b98b820e6a54f5ce7259c6dea673d8ee2b92e88d39f70efb8ea	Mirai	elf mirai ua-wget
http://196.251.69.194/kitty.aarch64	1a930b4aa7c5f6e140466a8309037bf5def5614f7ed514bd9010868b8f51710b	Tsunami	elf mirai Tsunami ua-wget
http://196.251.69.194/kitty.i686	1856f5b82ce74dec870cdc0532a1aafcbb952a73f73268283fee5829ca0843a4	Mirai	elf mirai ua-wget
http://196.251.69.194/kitty.i486	dff8915b9e3eaddfd2383c1b061ab2a0a0272d351a7d9bb8147a2b62b9ed3048	Mirai	elf geofenced mirai ua-wget UK
http://196.251.69.194/kitty.x86_64	n/a	n/a	elf mirai ua-wget
http://196.251.69.194/kitty.powerpc	30fcafea6ab423a85ade81a48e89cd23e195ed24c746ed908b68d897b2c88dbc	Mirai	elf mirai ua-wget
http://196.251.69.194/kitty.powerpc64	1fa67e0be9dac19cd3a37a238f58eb1c0d160352d874bbfc423db7444c5b5ccb	Mirai	elf mirai ua-wget
http://196.251.69.194/kitty.m68k	baf58c8b685e602fc75a3591005d3f9f2bfc5ea0ccce6bf54e542a29fe5cd048	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

File Type:

text

First seen:

2025-08-22T18:13:00Z UTC

Last seen:

2025-08-22T18:13:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/3c32522e-2ed2-4e5a-b8e0-223327ec0a24

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-08-22 21:00:56 UTC

File Type:

Text (Shell)

AV detection:

15 of 38 (39.47%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zu4d43hbdt3mirl2q6cmy2duewn5ilxijgm77y3n22ibsc3ou26q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250822-ztscmsyqz7/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh cd383e6ce11cf6c4457a8784cc6874259bd42ee84999ffe36dd690190b6ea6bd

(this sample)

Mirai

elf 80e712507f9e79bfe2b455dc77350d5e4036946a0417225f6f4f3a2ff940d078

URLhaus

https://urlhaus.abuse.ch/url/3606435/

Delivery method

Distributed via web download

Dropping

MD5 d20c6658bd55692b4f08514d8385eb89

Dropping

SHA256 80e712507f9e79bfe2b455dc77350d5e4036946a0417225f6f4f3a2ff940d078

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample