MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d46e2022319e76da5467b2f4343bcd3910fd2ddd15cdb795a17fef0eec206fa2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: d46e2022319e76da5467b2f4343bcd3910fd2ddd15cdb795a17fef0eec206fa2
SHA3-384 hash: e4fe08653b2a3db9e34b1ca8272262085b21f41afee7c7a1ade7ad3181f55462c45fdc3ef98f972e5561fbdf42208740
SHA1 hash: 84494305d7fcfc404057afb6b76ab92567411e98
MD5 hash: 9cde1f34f7a022d01b4372eb53458d2c
humanhash: robin-missouri-uniform-emma
File name: cn
Signature: Mirai
File size: 1'618 bytes
First seen: 2025-08-09 05:51:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:gkaouAPnH64R6cW6/sN6/E86/wKGX6GOe4pncS/sV/EO/wKMGOs2w5TpHwBoCHwW:P5JWN98nbadc+7LNMRgrfWq
TLSH T15F31ECCA2291E7A24696DE7CF776D1E9E063C1C857277BD8FAD4543C855C428F041335
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2640) -> execve -> /tmp/sample.bin (pid 2649); /tmp/sample.bin (pid 2649) -> execve -> /usr/bin/killall (pid 2651), /usr/bin/killall (pid 2658), /usr/bin/killall (pid 2664, zombie)
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-09 04:19:00 UTC
File Type: Text (Shell)
AV detection: 12 of 38 (31.58%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d46e2022319e76da5467b2f4343bcd3910fd2ddd15cdb795a17fef0eec206fa2

(this sample)

  
Delivery method
Distributed via web download
