MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ddff1b841a0aa3deb1f85b62e489f959c2ef5305c25706ea4a1ffe59de11b1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	2ddff1b841a0aa3deb1f85b62e489f959c2ef5305c25706ea4a1ffe59de11b1d
SHA3-384 hash:	c8396e7ea25af50e2097b824bd7a887b2857776c8f4ed674c3bdb9fbb12db4a0e21d5863a6b8ab8ae3d5a49f176a24f4
SHA1 hash:	9c06a5016d83ac73f64f8d99a329991a71c2cad8
MD5 hash:	47a387d12310f864586c8d17f00a57fd
humanhash:	sodium-papa-bacon-ink
File name:	Oblivion121.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'647 bytes
First seen:	2025-04-17 01:53:10 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vpLhp+opiOwGpDBpU0Lpt0CJpukpgqp3Tpsx:vHXmGLfLZndli
TLSH	T1FD315DD913C55AB26CF6D926B9A9C614718052C79CC93E04AADC7CF8D8EDE08B085B83
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.144.18/bins/x86	4f768169559682dbd93c6e651fc52efc4941c989514d57538aa9e08b347bdc20	Mirai	elf mirai opendir
http://176.65.144.18/bins/mips	6fe957f2bbbcb1cb90cc12325d264e210aa0a73787d4bd026458bbc1617a0d64	Mirai	elf mirai opendir
http://176.65.144.18/bins/mpsl	784d86cad28d4a1d1e7b565c261ada61460b848f4de45ae03e9906971f12aaa0	Mirai	elf mirai opendir
http://176.65.144.18/bins/arm	7a4eb3b9535f04522f7d9af1738500649379e3858e1403f78387af296331b14d	Mirai	elf mirai opendir
http://176.65.144.18/bins/arm5	n/a	n/a	n/a
http://176.65.144.18/bins/arm6	6b4ce93f6c1ce4a648ba538c3a9e5e3bf002fc95ec53979b87b5fa54f8e0c14e	Mirai	elf mirai opendir
http://176.65.144.18/bins/arm7	f218370db15504cc3c2ce0765bc004a0bcce680d1b69c56032619b41b2489d52	Mirai	elf mirai opendir
http://176.65.144.18/bins/ppc	257d45050c6afa4af3158574f03738ff530ae549960d29bc8123bfac4f8433e9	Mirai	elf mirai opendir
http://176.65.144.18/bins/m68k	87d7fd59d0dcf29ce85e94872708265efd0acfef039883929a6bd5cbcf88baf6	Mirai	elf mirai opendir
http://176.65.144.18/bins/sh4	db3c684cb25a455ddc5726580cd2c51b1d1ca1ecf81be981f1a2d262beb517ef	Mirai	elf mirai opendir

Intelligence

File Origin

# of uploads :

# of downloads :

101

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=680060562203b3e10ccff52flinux22vpnfull_triage

Tags:

shellcode mirai agent overt

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68005f41ed72ab1a1d4c1537/reports/d9b39029-0978-43cc-b3f6-3709de248f6f/overview

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/2ddff1b841a0aa3deb1f85b62e489f959c2ef5305c25706ea4a1ffe59de11b1d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2ddff1b841a0aa3deb1f85b62e489f959c2ef5305c25706ea4a1ffe59de11b1d/

Threat name:

Linux.Downloader.Morila

Status:

Malicious

First seen:

2025-04-17 01:54:10 UTC

File Type:

Text (Shell)

AV detection:

17 of 24 (70.83%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fxp7docbucvd32y7qw3c4se7swoc55jqlqsxa3veuh76lhpbdmoq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:kyton antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/250417-cble2sxzhx/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Enumerates active TCP sockets

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (1070728) amount of remote hosts

Creates a large amount of network flows

Mirai

Mirai family

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2ddff1b841a0aa3deb1f85b62e489f959c2ef5305c25706ea4a1ffe59de11b1d

(this sample)

Mirai

elf 4f768169559682dbd93c6e651fc52efc4941c989514d57538aa9e08b347bdc20

URLhaus

https://urlhaus.abuse.ch/url/3494959/

Delivery method

Distributed via web download

Dropping

MD5 15b00a11fcd689e76b92a3690928fc89

Dropping

SHA256 4f768169559682dbd93c6e651fc52efc4941c989514d57538aa9e08b347bdc20

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample