MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2bbf8b8ef08ffd01d747fc1f7afed73377178376504c493004c07d5598fb8bd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 2bbf8b8ef08ffd01d747fc1f7afed73377178376504c493004c07d5598fb8bd9
SHA3-384 hash: 87876e40969934b2ef1e30a3bb1b9b071ba5657301b319c8d1fa48e784c2135f4c2ec53637949bb97a27f073047d42fa
SHA1 hash: 9dfe07906a612f6eb7ee15c631dfa05951c42712
MD5 hash: df7aafd0007ac67fd06e5ad23703bcf1
humanhash: batman-beer-virginia-texas
File name: GuruITDDoS3.sh
Signature: Mirai
File size: 3'081 bytes
First seen: 2025-05-16 07:59:55 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vhe+X3htY3hVy+3hy23h3g3h223hx03hti3hk23hZa3hQ23hsG3hfx:vLX3Y3F3H3a3b3s323B3q3J3d3b
TLSH: T193518CC5206D31B5BD96456B2DBB051FB6C08065A4DF2E1457AC38E2E3AEC8FF842DD2
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: downloader trojan agent

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-05-16 08:00:39 UTC
File Type: Text (Shell)

AV detection: 23 of 37 (62.16%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:demons antivm botnet defense_evasion discovery linux
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
