MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00deb6f187ddc703fe9b5af57088608b767fab46414e87c896ddbd3162562870. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	00deb6f187ddc703fe9b5af57088608b767fab46414e87c896ddbd3162562870
SHA3-384 hash:	1fbb3da41a55fadd36726c8c03d2de42a38ceb32f3cf5721d19496f3f789e214d9c745dc648bd36f33ae6e53a636be93
SHA1 hash:	b20badbf36fdf0067e3f9019eb33943aa285e84c
MD5 hash:	e9a95f447e8194b9f53daadbdef2153f
humanhash:	april-tango-one-papa
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'789 bytes
First seen:	2025-07-18 00:41:56 UTC
Last seen:	2025-07-18 13:29:15 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:ircw80rEyElZrOsrNR0rycyntdrEnE2UrJc1JMhrJXJ11krJIJeLrJ9JRvmr21i2:ircwRrEyElZrOsrNerlMdrEnE2UrJc1z
TLSH	T1745164C84FC305B26C75AE3BB56A47842E99D8A379D4AE2794EC3CEA504DE053061D63
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://161.97.77.188/HBTs/top1miku.i586	63d867a35531716d2e18314fbe4d2b0ffc3cc4bbb56d61a49ad1a42220746dac	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.mips	6dba5a43486ad2c883f236754e25806a860f5063fcf73e225f4f86c1c1741ead	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.arc	380cdfff39fab66e0d2f0e3217f0e2573374ebbde28f6a96343e2cb72c0ca944	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.i686	b80576044beece1b4d384a03a1cf722b0859177e554946eb0a6b0c96ae98d92d	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.x86_64	5c03e74290ffbc6332f3d357d54853000ea53f19ee0fa3fb36d466989c48826f	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.mipsel	d1fab6b2f50e0ff23b55efacb28d56953902bd7bf276d1bbb0e8b8008cdbb7e6	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.armv4l	861077a289df2f605a07e5054d37a41cc087751a1347d57c0c5977d91197e7b3	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.armv5l	e32f0af161e9dc5d213b9dc2d291da8dda9e836b9478d13a773a051a27075b89	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.armv6l	6541c73c5c61b39d318d6e8e2c84a512824d846e03dce12a05ce5749315e10d7	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.armv7l	21fde295094321e113cc7fe87fb3dc1230c4f602a21ea1919997e9289d683194	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.powerpc	f9619daee99e761f7ef1df5c67a70f966af51d6f5c603bd3cf09a68f7f00b26f	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.powerpc-440fp	050fb23f00a9e0583cc357a453959ec9f7d6e5268b285caec9476eef5b25c618	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.m68k	af5ef5773b4f244557be125fa269d59bfa897f6ad5ddbbd600a224a7fe38fdb8	Mirai	elf mirai opendir ua-wget
http://161.97.77.188/HBTs/top1miku.sh4	200f50c4e8e10d7cd12823b2ff9dcc4fd4643094ee0cb1bbd321a636af1acdc4	Mirai	elf mirai opendir ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox

Link:

https://www.filescan.io/uploads/6919a05ea130a437f88eb09f/reports/7ab13228-8916-47e2-b3f6-bec7f02a0ed6/overview

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/16b3c1b3-06cb-4062-9084-b54f53fdd5b6

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/00deb6f187ddc703fe9b5af57088608b767fab46414e87c896ddbd3162562870

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/00deb6f187ddc703fe9b5af57088608b767fab46414e87c896ddbd3162562870/

Verdict:

Malicious

Threat:

Linux.Downloader.Medusa

Link:

https://tip.neiki.dev/file/00deb6f187ddc703fe9b5af57088608b767fab46414e87c896ddbd3162562870

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-07-18 00:42:18 UTC

File Type:

Text (Shell)

AV detection:

17 of 24 (70.83%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=adpln4mh3xdqh7u3ll2xbcdarn3h7k2gifhipsew3w6tcyswfbya._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet credential_access defense_evasion discovery linux persistence

Link:

https://tria.ge/reports/250718-a2fldat1hx/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Reads process memory

Enumerates active TCP sockets

Enumerates running processes

Modifies init.d

Modifies rc script

File and Directory Permissions Modification

Executes dropped EXE

Mirai

Mirai family

Malware Config

C2 Extraction:

top1miku.duckdns.org

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/00deb6f187ddc703fe9b5af57088608b767fab46414e87c896ddbd3162562870

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.