MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fda714a2156ef936a25f24b3444f7d1fb0517ec4aaa7a019594b7e3ebb0f5ca4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: fda714a2156ef936a25f24b3444f7d1fb0517ec4aaa7a019594b7e3ebb0f5ca4
SHA3-384 hash: f134cacf2929508ac93a0672000e8dc3eade9154628fb9aea2e09fde3b3e296ea6a7302a1b9a09f2f79b31d5a077c8f6
SHA1 hash: 4ad577ee57168662dd93fb62b315a28bbea9400c
MD5 hash: 181dd71c18af7954f05f0eb001388341
humanhash: hamper-alaska-violet-california
File name: w.sh
Signature: Mirai
File size: 741 bytes
First seen: 2026-01-01 19:27:13 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:dUlxJUneKlCnUTiKl2nUMUmUm9JUzFG10JUwYPUkboUmlR:ixulCJKlcBiR
TLSH: T11E01C8FB50F759228398CE8930BA983C5005D5C53EA29EECDC6C04716EC7D2DB126E8A
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 36
Origin country: DE

Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai
Verdict: Malicious
File Type: text
First seen: 2026-01-01T13:37:00Z UTC
Last seen: 2026-01-03T06:35:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2026-01-01 18:23:23 UTC
File Type: Text (Shell)
AV detection: 13 of 37 (35.14%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
