MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 055ca345e9a0a15fa6001661decc511d6c880d5153ae797afc5051e85278a5b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 055ca345e9a0a15fa6001661decc511d6c880d5153ae797afc5051e85278a5b5
SHA3-384 hash: 17de3ab8822fc1d9ea8ffd271a5e9ab4985634212b2e89a018b40e389fc8dbc37a8d29d6cf43aa58fa8909264d7e89a2
SHA1 hash: 95fe89775c1178be6b0642b372335baa5678bcea
MD5 hash: 7e0011d148af5f8743a27f4ae2f1ea24
humanhash: arizona-mobile-fish-dakota
File name: 1.sh
Signature: Mirai
File size: 2'959 bytes
First seen: 2025-08-14 11:10:16 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 48:icPhmlc5nElckCXlcQePlcalazvZlcaTaFvjlc9NL9z4gelc1jclcUSvlcjljzqc:i6ml+El0XlgPlhUzvZlhuFvjlqfz4Zl5
TLSH T18E517F970215453AA8667EA7FEB98E0D319852E12CE63F1896DC34F9539DF8C3044A53
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 26
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox medusa mirai
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-14 10:50:33 UTC
File Type: Text (Shell)
AV detection: 22 of 36 (61.11%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 055ca345e9a0a15fa6001661decc511d6c880d5153ae797afc5051e85278a5b5

(this sample)
