MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c6eddd1d6c15173a0c3745f31772fe7f0f18b2b6f0766a8b6341ff642cd5630. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 0c6eddd1d6c15173a0c3745f31772fe7f0f18b2b6f0766a8b6341ff642cd5630
SHA3-384 hash: 6b3ea65a2d5b80dc9a3dc852ad5ba75a5b5f58145760767d16dd8b6f88ec8094a6bb6786185d751aab52b0b9186d8f80
SHA1 hash: aebd5f5c7e0b7a743b755849f040df2076d0a6e7
MD5 hash: 42bd9d4f12b8771714577c66f7cda860
humanhash: hawaii-single-april-mango
File name: ok
Signature: Mirai
File size: 2'898 bytes
First seen: 2026-01-23 16:17:10 UTC
Last seen: 2026-01-24 07:00:18 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 48:vzyfl3GJJVXntjxE7QWT9GDprb0Sol3CsKe3DugrB4i93PaJarnaeVcaxdKxy:vzyfl3GJJVXntjxEtT9G1Azl3CsvDugn
TLSH T17E519FCD29A10A351C56D4B7E269C64C214B80BB0CBA9F41E8DE36F4C0ACE4675BCB62
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 100
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash evasive lolbin
Result: Gathering data
Verdict: Malicious
File Type: Script
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 3302) -> execve -> /tmp/sample.bin (pid 3308) -> execve -> /usr/bin/wget (pid 3310)
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-01-23 16:17:27 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:kaiten family:mirai botnet:owari antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Detects Kaiten/Tsunami Payload
Kaiten family
Kaiten/Tsunami
Mirai
Mirai family
Malware Config
C2 Extraction: sophos1997.camdvr.org
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
