MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4a34a67a4e8159a46557b2485f1ed30a1d3c858f9278e58c470fcc73804fcdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: f4a34a67a4e8159a46557b2485f1ed30a1d3c858f9278e58c470fcc73804fcdf
SHA3-384 hash: 77a061eef4ccc2a2d7f850642101984e6e2af62f8d86effd5570b31c56ded13c3b0c387442c2061b0418c1c95be32049
SHA1 hash: a6e9d828ed02dd44108cef0d221b0f5efe1db038
MD5 hash: 39d46be8a9a6afc02fb5497c6fba42f8
humanhash: river-uncle-vegan-mockingbird
File name: w
Signature: Mirai
File size: 895 bytes
First seen: 2025-12-05 18:14:13 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 12:YWh/4Yvh/nIvh/nvh/mvhfERCvhyvho8Lvh4LvhcvhyILvhQiL:tgYZfIZvZuZsRCZyZ5LZ4LZcZyYZQiL
TLSH T15E118EBD42097564408EE816B1E9CB48707B8BDFE5B78E506EA4727860F85DD3032F5B
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-05T16:30:00Z UTC
Last seen: 2025-12-06T00:55:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2753) -> /tmp/sample.bin (pid=2755) [execve]

Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-12-05 18:18:21 UTC
File Type: Text (Shell)
AV detection: 20 of 37 (54.05%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
