MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4a34a67a4e8159a46557b2485f1ed30a1d3c858f9278e58c470fcc73804fcdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: f4a34a67a4e8159a46557b2485f1ed30a1d3c858f9278e58c470fcc73804fcdf
SHA3-384 hash: 77a061eef4ccc2a2d7f850642101984e6e2af62f8d86effd5570b31c56ded13c3b0c387442c2061b0418c1c95be32049
SHA1 hash: a6e9d828ed02dd44108cef0d221b0f5efe1db038
MD5 hash: 39d46be8a9a6afc02fb5497c6fba42f8
humanhash: river-uncle-vegan-mockingbird
File name: w
Signature: Mirai
File size: 895 bytes
First seen: 2025-12-05 18:14:13 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:YWh/4Yvh/nIvh/nvh/mvhfERCvhyvho8Lvh4LvhcvhyILvhQiL:tgYZfIZvZuZsRCZyZ5LZ4LZcZyYZQiL
TLSH: T15E118EBD42097564408EE816B1E9CB48707B8BDFE5B78E506EA4727860F85DD3032F5B
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-05T16:30:00Z UTC
Last seen: 2025-12-06T00:55:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2753) -> execve -> /tmp/sample.bin (pid=2755)

Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-12-05 18:18:21 UTC
File Type: Text (Shell)
AV detection: 20 of 37 (54.05%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh f4a34a67a4e8159a46557b2485f1ed30a1d3c858f9278e58c470fcc73804fcdf (this sample)
Delivery method: Distributed via web download
