MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a581fcbd61881a39382f253be864dbe1b8928fe7ce9d6314e5ffcfcad3ccb08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 2a581fcbd61881a39382f253be864dbe1b8928fe7ce9d6314e5ffcfcad3ccb08
SHA3-384 hash: 0af77a0a1faf1b81013e6b82737bc28bbd6583cdff79fd672e05f1078f44d688f66e4353af62785830bccf62cadb1b1a
SHA1 hash: 7c81fccf8e9d8d0c5c8b703f73a97f1018ee9662
MD5 hash: 364ae575c2a53c1e39307df0e690fc8a
humanhash: florida-lithium-early-fifteen
File name: massload
Signature: Mirai
File size: 2'658 bytes
First seen: 2025-08-03 05:57:46 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:xjYcA+AWQgcReNgcpkJgcSqgcPagc2+gcpcpadgcAWgciB8gcUWgceG9eGjGgcMR:W4Omx0PggaKdLJdcLTpN+3w
TLSH: T1AC51BC8807D287BC7DE99E7371E6C1547A8D908A9BC1DFA690FD35F0644CD08E582EA3
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE

Vendor Threat Intelligence
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-03 05:58:14 UTC
File Type: Text (Shell)
AV detection: 23 of 38 (60.53%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

[Delivery diagram: Web download, Mirai, sh 2a581fcbd61881a39382f253be864dbe1b8928fe7ce9d6314e5ffcfcad3ccb08 (this sample)]

Delivery method: Distributed via web download
