MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4d3a9898f156bd443ba241ab0a9e2c22ace7439cbe2e5086695d4e3a01a98fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: f4d3a9898f156bd443ba241ab0a9e2c22ace7439cbe2e5086695d4e3a01a98fd
SHA3-384 hash: 8b8184285093f705e285791349123e842db4320a267a252b56f701f4a21ca6ff192ae44f9cd48ac2df31bbf74ba1ed0b
SHA1 hash: 00fc65303b5ac5dc12e02b96924eace7303e47a7
MD5 hash: 1cdee66f35e00d9a657f6f75d005e0df
humanhash: carpet-zebra-july-bulldog
File name: lterouter
File size: 158 bytes
First seen: 2026-06-24 21:56:57 UTC
Last seen: 2026-06-25 03:19:23 UTC
File type: sh
MIME type: text/plain
ssdeep: 3:O22exART6ZLXm3FOdJ2GL9rSL6ZLXnBFS/TWUKT6VVI9LJdvvvF:O2546ZjB2GLNSL6ZjFTT6IZJn
TLSH: T169C08CCB06163830C081EC287266009E439F878238E00F0CF8980AA3868A940F811F81
Magika: txt
Reporter: abuse_ch
Tags: sh

URL: http://51.81.96.73/n2/mips
Malware sample (SHA256 hash): 69a3f8207de0386d28e743b27f532b3413d83f5b57b88213f633c6061fdb3361
Signature: Mirai
Tags: elf mips mirai ua-wget

Intelligence


File Origin
# of uploads: 280
# of downloads: 14
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Status: terminated
Behavior Graph:
pid 3949 /usr/bin/sudo
  execve -> pid 3957 /tmp/sample.bin
    execve -> pid 3958 /usr/bin/wget (net, send-data, write-file), send: 133B to 51.81.96.73:80
    execve -> pid 4061 /usr/bin/chmod
    clone  -> pid 4063 /usr/bin/dash
    execve -> pid 4072 /usr/bin/wget (net, send-data, write-file), send: 133B to 51.81.96.73:80
    execve -> pid 4157 /usr/bin/chmod
    clone  -> pid 4159 /usr/bin/dash
    execve -> pid 4168 /usr/bin/rm (delete-file)
Threat name: Script-BAT.Downloader.Heuristic
Status: Malicious
First seen: 2026-06-24 22:28:12 UTC
File Type: Text (Shell)
AV detection: 5 of 36 (13.89%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh f4d3a9898f156bd443ba241ab0a9e2c22ace7439cbe2e5086695d4e3a01a98fd (this sample)

Delivery method: Distributed via web download
