MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2e4d3ae1b9c5e4e28b0b6852bb66c3c05e4d439f64349aa8306744bbf613c50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	d2e4d3ae1b9c5e4e28b0b6852bb66c3c05e4d439f64349aa8306744bbf613c50
SHA3-384 hash:	f58ec560b3afd25ac9578a19c62afcff2ca6ee21a87c7ea11a58f28460374a799653500945600cb7cf4133f99e05ee86
SHA1 hash:	228c05fc35582a2f4777da5849e8d1b747b42f1a
MD5 hash:	881ca21f5729d4b2dd234b743b3b9cf1
humanhash:	tennis-iowa-harry-arizona
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	889 bytes
First seen:	2025-09-14 11:36:55 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:M0XX5BhIX/XTWXXaJ2XbBMX2qTCMXtjXAXo2Xfn:M0XJByX/KXKJ2XbyX2q+MX1XAXfXfn
TLSH	T19F11C4DEE2D2B972846CDD197D33465C200682CE6D6B8FDFFC6A047454D2A907190E89
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://158.94.209.216/arc	ee9180bd2b165795dfaaf5d6de60148d34353c66373cc322e49eaf532de435f9	Mirai	elf mirai
http://158.94.209.216/arm	14883298489d57b2242533f561769e8f21737126e8560c4b9955dc701478c23e	Mirai	32-bit elf mirai Mozi
http://158.94.209.216/arm5	82ee72be70e8dce122910449268514083943892258ea9b9d21068e03286d03f8	Mirai	elf mirai
http://158.94.209.216/arm6	57a6ba282a2ffad3469d83844906606272225fdaeb15c2e2043a11978240de4b	Mirai	elf mirai
http://158.94.209.216/arm7	5a469ba94c55f39fdf0656a0a1b98c988d699569397587d8e1141a0d928b9eea	Mirai	elf mirai
http://158.94.209.216/mips	77637c28bd5ccda2ad3c90c2d34e879fa7e10f1abe04520e5bda11cd7ed69c8e	Gafgyt	32-bit elf gafgyt Mozi
http://158.94.209.216/mpsl	afe59ccdfac00527b2983101bc1e5d91361609b4753962e0cb2cc890b8a35d2f	Gafgyt	elf gafgyt
http://158.94.209.216/ppc	a8de55bad2e1d7f6821139880b74b7345a242dd8f6296f626cdceb07d5f5742e	Mirai	elf mirai
http://158.94.209.216/sh4	71cf2bcec3f927abc59bb4a57e950a1685ce005380b6a2e3dad891788828dc07	Gafgyt	elf gafgyt mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

no reply from clamd

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox evasive

Link:

https://www.filescan.io/uploads/68c6aa2a7328794829299520/reports/b6f2e664-ab46-441b-9385-175b9e7042bd/overview

Verdict:

Malicious

File Type:

text

First seen:

2025-09-14T08:48:00Z UTC

Last seen:

2025-09-14T08:48:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/d2e4d3ae1b9c5e4e28b0b6852bb66c3c05e4d439f64349aa8306744bbf613c50/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/7a43dcbb-4baa-4806-adcc-338cb64b7fc6

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d2e4d3ae1b9c5e4e28b0b6852bb66c3c05e4d439f64349aa8306744bbf613c50/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/d2e4d3ae1b9c5e4e28b0b6852bb66c3c05e4d439f64349aa8306744bbf613c50

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-09-14 11:31:18 UTC

File Type:

Text (Shell)

AV detection:

12 of 24 (50.00%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2lsnhlq3trpe4kfqw2csxntmhqc6jvbz6zbutkudaz2exp3bhria._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250914-ntw52svxby/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/d2e4d3ae1b9c5e4e28b0b6852bb66c3c05e4d439f64349aa8306744bbf613c50

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d2e4d3ae1b9c5e4e28b0b6852bb66c3c05e4d439f64349aa8306744bbf613c50

(this sample)

elf 295bc2ac0bde4ab7ddf579004efe82a356444663256fd2d36f75d7dd4d893e9f

URLhaus

https://urlhaus.abuse.ch/url/3623697/

Delivery method

Distributed via web download

Dropping

MD5 a1d764f3852be2b729bdc606e2f7b143

Dropping

SHA256 295bc2ac0bde4ab7ddf579004efe82a356444663256fd2d36f75d7dd4d893e9f

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample