MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4cd7ab04b1744babef19d147124bfc0e9e90d557408cc2d652d7192df61bda9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: f4cd7ab04b1744babef19d147124bfc0e9e90d557408cc2d652d7192df61bda9
SHA3-384 hash: 25bea47cd5c517357d6cd41de967ca7fc3fe8f4933eecf8005536f38a9b8312efca366c0dad65813477e206a7978c464
SHA1 hash: 0287d785d44bb1cab51a6c3278a90c84de5f6a02
MD5 hash: 7a0c180b3fdc7fe574aaf9f6502d8496
humanhash: fruit-vermont-sierra-alabama
File name: rondo.sh
Signature: Mirai
File size: 6'926 bytes
First seen: 2025-06-23 21:53:14 UTC
Last seen: 2025-06-24 06:20:52 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:CRN061IRmR98RGAz+FZ872fR2L7zjOlLHaPCk5dzIWCcFTlH:qNxY
TLSH: T1D3E10ACEACC199D5A08E090671CAC77DBD25C19D31A2EEFEE466843AD0B6704706CFD6
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 71
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=3689) -> execve -> /tmp/sample.bin (pid=3694)

Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2025-06-14 22:43:11 UTC
File Type: Text (Shell)
AV detection: 9 of 38 (23.68%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
