MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 078298d36b7f48cd85cfda47b966cea366857c5873f133b884fef2190be59245. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	078298d36b7f48cd85cfda47b966cea366857c5873f133b884fef2190be59245
SHA3-384 hash:	351c453732e9e204ccb2c5172e5c936f87d00c8a1c28b257ad9dd945c8df18a25fc2efda5ffb7d6f5ef1281c89b97c58
SHA1 hash:	974bbb65848d38d4837fc5e7bb7ea0fece6b36f0
MD5 hash:	9bef120f2a67da197178a36dba4ae29c
humanhash:	hotel-ink-solar-oscar
File name:	wget_telnet.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'943 bytes
First seen:	2025-10-24 23:04:33 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:pIIdYsIaMnh2apwMZByZhV8R47AF3OH8ENpB:pZexP0aGuBwhqSdJ
TLSH	T1C341ECED02812F7B34068A25A3E355AC9C468FD2718A179CD48A7C1B8C0F61C7BF9D83
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://94.154.35.154/powerpc.uhavenobotsxd	4eb0f092558c445bfe6499074fec4f9501988f680c9977ea59b413de6c328c23	Mirai	elf geofenced mirai PowerPC ua-wget USA
http://94.154.35.154/mips.uhavenobotsxd	32ed54ada1301070e35d2f16dc923ee745b8512e7886f0826a5acaad80ab82a1	Mirai	elf geofenced mips mirai ua-wget USA
http://94.154.35.154/mipsel.uhavenobotsxd	63e9b33978e589360315683699ecc30aae88ffac38ad12a9fabf9b88d185676a	Mirai	elf geofenced mips mirai ua-wget USA
http://94.154.35.154/arm.uhavenobotsxd	1fb350e213500aa096d34afa25b2f4a4040a8cd497487546860873ceeb1f583b	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm5.uhavenobotsxd	c3477c76a49468aa394c9103c7f696729e38c93de3730cd490a7ad86deb23751	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm6.uhavenobotsxd	1350b69358cc22c12111c5f2f37c0ed39434c0345de97116aada4bf84d5ebc49	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm7.uhavenobotsxd	c7b31d4e86d88a05365b4212c291834562b1693093c208339e53c2a037760f5f	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/sparc.uhavenobotsxd	n/a	n/a	elf ua-wget
http://94.154.35.154/m68k.uhavenobotsxd	n/a	n/a	elf ua-wget
http://94.154.35.154/sh4.uhavenobotsxd	n/a	n/a	elf ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-10-24T20:46:00Z UTC

Last seen:

2025-10-24T22:15:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/078298d36b7f48cd85cfda47b966cea366857c5873f133b884fef2190be59245/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/9b644396-4b6a-465d-884a-77f6cda23bb3

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/078298d36b7f48cd85cfda47b966cea366857c5873f133b884fef2190be59245

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/078298d36b7f48cd85cfda47b966cea366857c5873f133b884fef2190be59245/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-10-24 23:05:41 UTC

File Type:

Text (Shell)

AV detection:

15 of 24 (62.50%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=a6bjru3lp5em3bop3jd3szwountik7cyopythoee73zbsc7fsjcq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/251024-226lcady3e/

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/078298d36b7f/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/078298d36b7f48cd85cfda47b966cea366857c5873f133b884fef2190be59245

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.