MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b315ad36875afeaf0dbff836b77a30e8ee5c70ffbc0764a6401005bab25c6f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 0b315ad36875afeaf0dbff836b77a30e8ee5c70ffbc0764a6401005bab25c6f5
SHA3-384 hash: 2d37cf88fc821e167ab900f4132f0e441978ff4d3a0d696e6faa8a98bc9c5e31758b6eb4effec62d4a41c55b66f7f207
SHA1 hash: 87b45fc2c71f0e48ae1162ed5862343929aa8cb9
MD5 hash: b02cbad3c2cdb4c9997e6e0239e018dc
humanhash: venus-undress-one-march
File name: test.sh
Signature: Mirai
File size: 2'609 bytes
First seen: 2025-08-14 14:59:40 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:UocbstsoPU/sG0s9szspNBs380sfs3sEYsl/sJf:UocQWmsm4pNKMU8EtyZ
TLSH: T1F65161CA1722A7313D5BE9B676BA4948B1B0E08720CB0F07DFDC24F5849CF463655BA5
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-14 14:37:39 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

Rule name: UNK_install_script
Author: evilcel3ri
Description: Detects a suspicious behaviour in an bash installation script

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
