MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30b93c644a07e077fb699ac8c74e6740e0c3bc4abb5cc3d7637cd45f9be8c835. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 30b93c644a07e077fb699ac8c74e6740e0c3bc4abb5cc3d7637cd45f9be8c835
SHA3-384 hash: 57aacad27b32a3f394ae5e9de03e9ae1860569f695a597dc549c1e43887e545ec66643663cecf794d44bce5df28bec6e
SHA1 hash: be113f79ff69d035258407468b74d0fd4d942fb3
MD5 hash: e49ddbd038dd60479250c1f76f7de568
humanhash: asparagus-jupiter-chicken-bravo
File name: wget.sh
Signature: Mirai
File size: 1'928 bytes
First seen: 2025-09-06 07:15:59 UTC
Last seen: 2025-09-06 21:50:38 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:Iiikp0in7VSKeZu6jhzM5DJyiMld1pt1BZOXN6:IiTTn8KeZu6NzMBwxDPww
TLSH: T1884117DC2603467B79516C67F7E4CD48B785D3DAD9C22F09B8DC38BC249EE08D891A46
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-06T03:32:00Z UTC
Last seen: 2025-09-06T03:32:00Z UTC
Hits: ~100
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph: pid=3965 /usr/bin/sudo -> pid=3973 /tmp/sample.bin (execve)
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-09-06 06:53:07 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 30b93c644a07e077fb699ac8c74e6740e0c3bc4abb5cc3d7637cd45f9be8c835 (this sample)
