MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0
SHA3-384 hash:	4ab3222000ed87272aefc31983da913d61f81c638edbb37650dbefaa729ca524bec7e4b57de694c9c8036c1d1d8ad488
SHA1 hash:	3f30a4b01135d1de442de93d77bcb5c35aa2458b
MD5 hash:	f88375b64cd3047417c4cf457d3f09c8
humanhash:	arkansas-arizona-hawaii-pip
File name:	update.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	6'214 bytes
First seen:	2026-03-27 15:36:07 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:bUrFrf0rtqTBKorKzhqkLaFf6svqEPBPhA+B0RMfd32uAkRmYxnMPYz0aT9+xyMS:odUg2hMez61BIQzb
TLSH	T16DD1D9B4F125D630D88FCAB612A9BD1DE228B8C3D4E58E59FB7E15646C04FEC3C64942
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	BlinkzSec
Tags:	mirai

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://143.20.185.225/dl.php	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

bash botnet evasive lolbin mirai obfuscated

Link:

https://www.filescan.io/uploads/69c6a64c2346b9da57ab6eba/reports/20e283d4-9e2f-409a-838a-49c47bf02950/overview

Result

Gathering data

Verdict:

Malicious

File Type:

Script

Detections:

HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/d56984a9-fbc0-4f6d-9c12-d94aa6447e28

Score:

91%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6qkt54q4pdayczbr4i7i4cdlntf4i5o7iz6vleeibfapqlgk2cqa._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260327-s13nmacv2l/

Behaviour

Reads runtime system information

Writes file to tmp directory

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware Config

C2 Extraction:

moiamonprime.myddns.me

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/f4153ef21c78/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.36

Link:

https://yomi.yoroi.company/submissions/f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f4153ef21c78c1816431e23e8e086b6ccbc475df467d5590880940f82ccad0a0

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3806430/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample