MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c9eb01310fbab5edd9d2a1d79516db027b56476b6756fe751eee8f59634ea7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c9eb01310fbab5edd9d2a1d79516db027b56476b6756fe751eee8f59634ea7e
SHA3-384 hash: b83a8d93f5784445251519153a35eaf4740c4fc3dc1e621105775ebae63563138757c4aea54fe071c3a399b45d9236ed
SHA1 hash: 0292595829ba8c3884fa93e77847c24a169a9da8
MD5 hash: d7a6580497fc63cfe69eeccfd58dd9f3
humanhash: enemy-mango-snake-mountain
File name:massload
Download: download sample
Signature Mirai
Create hunting rule
File size:2'630 bytes
First seen:2025-08-11 23:40:49 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:xjYrFWQgrNgXJgqg/gAgYYadg2g98gWg9GqGjGghdZg2zgqdz:WU++DI1YYaKH9Jnk9Thd+9+
TLSH T1E851C7C82051C7F02DABC977B1F64155798C90861AC5AEAED1FD39E0944CE0A39C9EF3
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://160.191.55.60/HBTs/top1miku.arcn/an/aopendir ua-wget
http://160.191.55.60/HBTs/.ksysda999f47eecd7e38895349eb39c6d2350815b5de5dc06629cd3008ab712b95a49 Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.dbusd4fca520cba6b303a00db04c5525f9ebcd91027396a8daea21428623d9c000cd9 Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/top1miku.i686n/an/aopendir ua-wget
http://160.191.55.60/HBTs/.udevmonebf5b2fe63545dd6486a8424d3660e89fec0f5b4d9f5697cf639c71a30e5084f Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.upstart5f346db94dd74ca9f5b9bbef9a3acede4ff545868d9302ce9e9f6afadd174c3e Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.netd3fe3f07475a7f97dbd70d217568915acf9107cf6ac1225758d3068dcca3b894d Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.syncd2e03f8c53cfdc53d28de4014c6d1bf599f6db13e805ddf40ec63fc2728d99615 Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.irqbal2cc247d74f81b12e13cfee4617575ac1e0ab5dca352947af77072916b3f91532 Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.rsysl739aef07d54c89858d617dcfaa25a44ea5d28f75efab5c14f884d3b89c24181b Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.modprobea4c5d10e0484cc0b3005ba65e1499780acb68a18b476f846bc8fce1d318f07bf Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.systemd-jdn/an/aopendir ua-wget
http://160.191.55.60/HBTs/.kthreadd188e8c19cfc165712b2e5d83a4a79eb6c0f68fe0a03d0811cd2972da755be0ed Miraimirai opendir ua-wget
http://160.191.55.60/HBTs/.klogda2d1334928d5ae1368924865254295e14290e36a88dc01c309ae66c04b1ab468 Miraimirai opendir ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
42
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/d8b587db-9a5e-4441-b416-d8ba139289d0
Behavior Graph:
Download SVG
%3
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/1c9eb01310fbab5edd9d2a1d79516db027b56476b6756fe751eee8f59634ea7e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1c9eb01310fbab5edd9d2a1d79516db027b56476b6756fe751eee8f59634ea7e/
Verdict:
Malicious
Threat:
HEUR:Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/1c9eb01310fbab5edd9d2a1d79516db027b56476b6756fe751eee8f59634ea7e
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-08-11 23:41:17 UTC
File Type:
Text (Shell)
AV detection:
23 of 38 (60.53%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dsplaeyq7ovv5xm5fioxsulnwat3kzdwwz2w7z2r53uplfru5j7a._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/250811-3pm4xatnw2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1c9eb01310fbab5edd9d2a1d79516db027b56476b6756fe751eee8f59634ea7e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1c9eb01310fbab5edd9d2a1d79516db027b56476b6756fe751eee8f59634ea7e

(this sample)

Mirai

elf a999f47eecd7e38895349eb39c6d2350815b5de5dc06629cd3008ab712b95a49

  
URLhaus
https://urlhaus.abuse.ch/url/3592531/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2f530e40e89fe6c93f70c073237e195c
  
Dropping
SHA256 a999f47eecd7e38895349eb39c6d2350815b5de5dc06629cd3008ab712b95a49

Comments