MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea4d1306fc9b763a84dd4b1f696ff95bb182d6724dda35cb48f96b0fcd499a42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea4d1306fc9b763a84dd4b1f696ff95bb182d6724dda35cb48f96b0fcd499a42
SHA3-384 hash: dfaf482d2a59d99362bec5f572279a83feba8b64b6a59a89ccfeb20708bc7e5fa1817dc80c4482e5465c02646e2eac45
SHA1 hash: e321f134a701ff5e9f3b4b252ea75566ff5e3615
MD5 hash: b1f940957417fd4b0242ee79439aa9c6
humanhash: network-oven-zebra-michigan
File name:kla.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'389 bytes
First seen:2026-06-11 14:10:25 UTC
Last seen:2026-06-11 17:38:34 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 24:xjrmKhEH8fEHHsTE1QXcU2VWZaXcU2wWUaXcU2AWkaXcU2FWJM:IKhEcfEnsTE1WcflS3kkT
TLSH T1DA21A6C4129354707CF54C2BA26AC918F6C97A89EEC14E40A0DDF5F5A4CCF45F905A73
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://89.32.41.16/bins/pmips36c5aea74bc2ad656c110809f9fb59ba3a26454ba977525da25dc817e43dd794 Miraielf mips mirai opendir ua-wget
http://89.32.41.16/bins/pmpslc7ab0d251c14f2caac2265830ecedcd9626e3fbbc0d88bf51fc48fc473139ecb Miraielf mips mirai opendir ua-wget
http://89.32.41.16/bins/parm85a4b1ae3ad71c491ad162e6ca992667c0656357d4806a240d4e2b3bb4b4163a Miraielf mirai ua-wget
http://89.32.41.16/bins/parm73f2f76194be8ef9dcca6820a0ff688ea4c7995c970096cb4d5ff87cb3efa1af3 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
50
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/6a2ac1ea1f652d6865785689/reports/fce80453-952f-43da-81e7-524998a946c4/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-06-11T09:31:00Z UTC
Last seen:
2026-06-11T10:01:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/ea4d1306fc9b763a84dd4b1f696ff95bb182d6724dda35cb48f96b0fcd499a42/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/c308df5c-049e-43f2-bcac-22d1ae406bbe
Behavior Graph:
Download SVG
%3
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ea4d1306fc9b763a84dd4b1f696ff95bb182d6724dda35cb48f96b0fcd499a42
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ea4d1306fc9b763a84dd4b1f696ff95bb182d6724dda35cb48f96b0fcd499a42/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5jgrgbx4tn3dvbg5jmpws37zloyyfvtsjxndls2i7fvq7tkjtjba._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260611-rg5s7sez9y/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ea4d1306fc9b763a84dd4b1f696ff95bb182d6724dda35cb48f96b0fcd499a42

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ea4d1306fc9b763a84dd4b1f696ff95bb182d6724dda35cb48f96b0fcd499a42

(this sample)

Mirai

elf 09af15dc90c186c3dc1a61c71c3b68c13c16be1cad9b8cb4f9d61d0c1a42d394

Mirai

elf 36c5aea74bc2ad656c110809f9fb59ba3a26454ba977525da25dc817e43dd794

  
URLhaus
https://urlhaus.abuse.ch/url/3840654/
  
Delivery method
Distributed via web download
  
Dropping
MD5 fc47f39b72fe7aca74fcffec47d3bc4e
  
Dropping
SHA256 36c5aea74bc2ad656c110809f9fb59ba3a26454ba977525da25dc817e43dd794

Comments