MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31368ddfb8ca2b7a334ea6986311b61c49599daa94d9c41598cdd7f25eba1ad9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	31368ddfb8ca2b7a334ea6986311b61c49599daa94d9c41598cdd7f25eba1ad9
SHA3-384 hash:	63497fb8624380fbb13066d40af26a5e172c881d7579dace330062201aa21d76b2a1ccfa06f666a4e16cacf6c1b40384
SHA1 hash:	ecfc6ca51a882fa03131e3fd0c3040d9874b53a7
MD5 hash:	6431694e1042c001beccc9b530077a9f
humanhash:	lamp-nine-robin-grey
File name:	bee
Download:	download sample
Signature	Mirai Create hunting rule
File size:	915 bytes
First seen:	2025-04-06 10:07:40 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:EaahsXRaPp7mdRfAj9xrtY/X6NIl5wLGjn0LKr3AtpJZ8tST:EaahgkRJj9xriP6NI7byKrAtpJKtu
TLSH	T18811E7EBE4540B16840EED1FF537D55E3050C29B526F07C4BCDC243DC9D9D18B224A68
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://42.112.26.36/zd2/mips	fba7bebf259ea5904705b2ce98b73a7ef017b7cf64565779a1afdfc437a46ef0	Mirai	elf
http://42.112.26.36/zd2/mpsl	d03b5802a4b100ea40955e03384d9d904ff17801d6254a06563d96028b440c93	Mirai	elf mirai
http://103.175.16.117/K5CgAqHhJXCA	f6156332e0cef3faee0a6de425d5cfbcf73a2a9ee901bdbde613d345770973bc	Mirai	mirai ua-wget
http://42.112.26.36/zd2/arm	1a6802bea6ffdc55432fc3d7908e79ac74163868d3e6d027e33b27d723b4febc	Mirai	elf mirai
http://42.112.26.36/zd2/arm5	2fe73469585483a503006d519deaa40b780cc4874a583d7e568173bc4bece315	Mirai	elf mirai
http://42.112.26.36/zd2/arm6	n/a	n/a	elf
http://42.112.26.36/zd22/arm7	n/a	n/a	elf
http://42.112.26.36/zd2/sh4	136b60f9c25a7194c7a5a35b43d2617b5e7acf8fc02c26c6578eb9fcb0d2788d	Mirai	elf mirai
http://42.112.26.36/zd2/ppc	8903fe9cf6c0a39b21500c9379b7f6c2c16a1ae62215a38d73be579674fe8b63	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67f39022e011fe619fabdec3linux22vpnfull_triage

Tags:

phishing agent overt remo

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive lolbin remote

Link:

https://www.filescan.io/uploads/67f252912d430c849e08c76c/reports/e9c631ea-266d-4772-9959-4aa8122a9ae9/overview

Verdict:

Malicious

Labled as:

Linux.Medusa.D.Generic

Link:

https://www.hybrid-analysis.com/sample/31368ddfb8ca2b7a334ea6986311b61c49599daa94d9c41598cdd7f25eba1ad9

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/31368ddfb8ca2b7a334ea6986311b61c49599daa94d9c41598cdd7f25eba1ad9

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/31368ddfb8ca2b7a334ea6986311b61c49599daa94d9c41598cdd7f25eba1ad9/

Threat name:

Linux.Trojan.Vigorf

Status:

Malicious

First seen:

2025-04-06 11:36:00 UTC

File Type:

Text (Shell)

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ge3i3x5yzivxum2ou2mggenwdrevthnkstm4ifmyzxl7exv2dlmq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/31368ddfb8ca2b7a334ea6986311b61c49599daa94d9c41598cdd7f25eba1ad9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.