MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d
SHA3-384 hash: c3942f34d4c03d0e4af5083237ec81e3779ab79e5ee1528b45e70f3de3adde92a28f68dc0bdeaf90a653aa01f0639659
SHA1 hash: 58f7b2bc4357f01692940c22884ef83b41c4321a
MD5 hash: 0564d4cec0ca7b520f000e38f5462ce5
humanhash: leopard-salami-vegan-three
File name:goth.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:3'547 bytes
First seen:2025-12-10 16:46:39 UTC
Last seen:2025-12-10 19:31:11 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 24:vyFTZ7v7bJ7TeyIfwZ7ue7uO7OyqmIqxZ7Ku70oia7iyH1Z7KE7toY7ayhYsZ7Kc:vBXNlAqF17t1FpJh5WgJ1lpI79
TLSH T18571A6CE30602A346F1BC97A33749CD176D609A42987DEC8BCD4BCE2589AD80B5C6A75
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://91.92.243.183/slovsdih/mipsn/an/aelf geofenced mips mirai ua-wget USA
http://91.92.243.183/slovsdih/mpsl31d344ad3851fefecf6deb9b041b002a399bf107180df58176f843af47fefe8a Miraielf geofenced mips mirai ua-wget USA
http://91.92.243.183/slovsdih/armv4lccd050270e02672da2f60cd1dbe2fb313bfb0fa3a6a6c07c88834b750306b021 Miraiarm elf geofenced mirai ua-wget USA
http://91.92.243.183/slovsdih/armv5l8314c1d1bfbb360884714aff6e7e27864e83094093273e67cf0b3d03f891880a Miraiarm elf geofenced mirai ua-wget USA
http://91.92.243.183/slovsdih/armv6l505196d4fffb940616b2fdcd82d550984bccd34073898d7b2d363e819acebc30 Miraiarm elf geofenced mirai ua-wget USA
http://91.92.243.183/slovsdih/armv7l47248f678990f49988c3df5a2f8c41a8e41fbc7ce5c5ace26d02ffb0a97d2cda Miraiarm elf geofenced mirai ua-wget USA
http://91.92.243.183/slovsdih/powerpca95c2797f19501a22ebb32cb33c2c56bdd1b49fc4b4d65e5d2b0bd8c5081b299 Miraielf geofenced mirai PowerPC ua-wget USA
http://91.92.243.183/slovsdih/m68k44ff33a965f7c9227fd39f440e612607ccf0cfac72d9d90ba36a97928f91012e Miraielf geofenced m68k mirai ua-wget USA
http://91.92.243.183/slovsdih/sh4666f79067a139cb03fa80e5fd8732ade3311eadb6e9bd0ce043ca1f4c1a67831 Miraielf geofenced mirai SuperH ua-wget USA
http://91.92.243.183/slovsdih/sparc509ddb3b6d78fb1480cc8bf1d7979a0db088c7da4abe4d8798f9afaa4571ca44 Miraielf geofenced mirai sparc ua-wget USA
http://91.92.243.183/slovsdih/x86_641d60ba0f1c81543138c64f22497f9eadcd61010dea522925c59df423ad81af29 Miraielf geofenced mirai ua-wget USA x86

Intelligence

File Origin
# of uploads :
3
# of downloads :
48
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
medusa mirai
Link:
https://www.filescan.io/uploads/6939a4111eac7b9b76a42e4c/reports/53272bc2-9fdf-41d3-a4a7-270927dccabc/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-10T12:30:00Z UTC
Last seen:
2025-12-11T00:56:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d
Threat name:
Linux.Downloader.Morila
Create hunting rule
Status:
Malicious
First seen:
2025-12-10 16:47:16 UTC
File Type:
Text (Shell)
AV detection:
22 of 38 (57.89%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fkot4zes4ijppvwssqrj2cfog3ym5geruhq6w5xhwvrj3g2xwmgq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery linux
Link:
https://tria.ge/reports/251210-valzaszjfq/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Renames itself
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2a9d3e6492e212f7d6d294229d08ae36f0ce9891a1e1eb76e7b5629d9b57b30d

(this sample)

Mirai

elf 207ca7b4d95732a92aa9fd34185084b127bc5e3fcfcd2061874d452f76290dc5

  
URLhaus
https://urlhaus.abuse.ch/url/3730221/
  
Delivery method
Distributed via web download
  
Dropping
MD5 72491f3633b909cbb94b5bdee0f7ad8a
  
Dropping
SHA256 207ca7b4d95732a92aa9fd34185084b127bc5e3fcfcd2061874d452f76290dc5
  
URLhaus
https://urlhaus.abuse.ch/url/3730451/
  
URLhaus
https://urlhaus.abuse.ch/url/3730444/

Comments