MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f4cff26d9d1e087e0ec401807953fdeec588f6c19af4bfc41e71b7cd20fbfff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 0f4cff26d9d1e087e0ec401807953fdeec588f6c19af4bfc41e71b7cd20fbfff
SHA3-384 hash: 2889aa586318e7038c95bd9d3079137226186ed194cc3d4d7fd9a83b67f820633baa169d9e8d965ee26b92f1eca67593
SHA1 hash: e1c1643365467b742b39f77e332377fa992a4bc9
MD5 hash: a81d2c4eb56a9c230280df2c9b515218
humanhash: william-coffee-green-helium
File name: 2.sh
Signature: Mirai
File size: 3'333 bytes
First seen: 2025-07-30 23:04:09 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:xDJ/lJvuTdHJAruMcvEtAGFJr73M72NIpcKnKvmHV7KcGYVNdZa:NJNJWBuyMcctAoJfcjK+17KBYV5a
TLSH: T1236173FB03924636EDAA8EA372A88404B18651D794CA5FF55BFC34B54C4CED8BC43663
Magika: shell
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-07-30 23:04:15 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
