MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4d3b32d83897c27b4c24a28fa0c477c23b1b0cda57eeeabf039628aebb3cb71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: e4d3b32d83897c27b4c24a28fa0c477c23b1b0cda57eeeabf039628aebb3cb71
SHA3-384 hash: d2d94cbb02ba2f05e527233d932c4c4e0568d4d7902ee876064ec7e9aaa3ec96a00e37015a38fd6530e31ca233377cd0
SHA1 hash: 4717e9654211d21a90bebd00f4157fdb40df1631
MD5 hash: 86146065d3ddabeb8d03c8a7fb8ce32d
humanhash: wisconsin-tango-kilo-seventeen
File name: 1.sh
Signature: Mirai
File size: 2'354 bytes
First seen: 2025-08-11 05:49:48 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:v0F1mjUsv0F+Rpv0F1mjUsv0F1mjUsv0F8oQv0F6+7Ig/v0FnN1Qsv0FrLDNv0Fk:UfUmff/bv8nnQ33W8fCIG3fj+5us
TLSH: T18841C4C9125119B4ACA298A737F7C104BACE989B5CC69FA7E0C93EE544CDD04BE44ED3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph: (process graph not reproduced) /tmp/sample.bin, launched via /usr/bin/sudo, executes /usr/bin/wget, /usr/bin/curl, /usr/bin/cat, /usr/bin/chmod and /usr/bin/dash; the wget and curl children send data to 89.42.88.217:80 and write files.
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-11 05:50:12 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: Mirai
Sample: sh e4d3b32d83897c27b4c24a28fa0c477c23b1b0cda57eeeabf039628aebb3cb71 (this sample)
