MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8
SHA3-384 hash: 992a314f1e8954d2e2bcd27f3852855107ee8f620ba81336c082d2767a884bca53e956e0edfddc85269a82ea81d2650f
SHA1 hash: aa497265c7c6d646c4e6f65513dd9b7f54e536f1
MD5 hash: fad21da0336f5ec9fc9e8801edeed9ed
humanhash: wisconsin-nine-bravo-kitten
File name:goahead
Download: download sample
Signature Mirai
Create hunting rule
File size:4'505 bytes
First seen:2025-12-19 11:15:43 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:vUhMV4kUnUq1V4gnUrHrWV41nUNoV43nUEpEEV4EbnUJkV47nUq1V4gnUOZV4snV:vb0pTPYLMzOEprbqZ3b1DIjy1FDxDd
TLSH T1339107E674B5937A7DB0ED7371D6C642B14060ABE4D68C0BF2D2F0E8085EF61E484B86
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x860134ba0d82da47549afbf4ff619fe518bf4863eff0f49c939457cbf81c2d15b8 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips3a07b60b7bf3cbd9767a86a76a77e5fccb5adf9dee1dc7764b751c0a1f4c4d97 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsln/an/aelf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm47bc9d623a3eb1ba73c46550a4207ea095e39d40f97ce628de43834183da6ad7 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm506426a43bc706deb297ee11894e1c87acc0a4231a60b0dfbce4098b871b719b2 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm62c85afccbe6f0e275c639e98db4c4eec6d910bd277a1fe596a3252163b22d860 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7d945325d0279ea26eb1572d3454980a1953721baf9faae04fcf991d27969b6c8 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc051887bfe592e3f5059d7316f2913e13ead1da80061930de8236c4087cadc994 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k2ff7d666206bcb9e440f017a8538337330826fcf9dc1f0542ee062ebd148387d Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc4b0886c739672baa51a2b187f93271e1c15b56450a29a4d39d6b7709152aa645 Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i68647e7f0fdd1ee38d00cc134014546c43db09eb2993bc1318cc76aaa64e595ea9f Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4d0f0ed32a8d834ef6c4aeaa382275e0a26f90898dd304f00fbffab51d964ec0e Miraielf mirai ua-wget
http://158.94.210.88/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc62740c7d5c2cbaed0adbbba12ed865ee2136fae9528a50f296dee8365b488bb9 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
38
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
medusa mirai
Link:
https://www.filescan.io/uploads/69453400e126b9ff43889cb0/reports/601b69ca-96f0-4e54-83c8-cd48472eb715/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-19T08:25:00Z UTC
Last seen:
2025-12-20T02:40:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-12-19 11:16:19 UTC
File Type:
Text (Shell)
AV detection:
18 of 24 (75.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=grlyr2v3s5kica37efgaotxnfya7n3f6yrlidla6hdtfcf22o7ma._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:unstable antivm botnet defense_evasion discovery linux upx
Link:
https://tria.ge/reports/251219-ndbjeazrdt/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
UPX packed file
Enumerates active TCP sockets
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (189978) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction:
cnc.504.su
scan.504.su
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/345788eabb97/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 345788eabb975481037f214c074eed2e01f6ecbec45681ac1e38e651175a77d8

(this sample)

Mirai

elf 0134ba0d82da47549afbf4ff619fe518bf4863eff0f49c939457cbf81c2d15b8

  
URLhaus
https://urlhaus.abuse.ch/url/3669709/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3725844/
  
Dropping
MD5 36207ad6597e99c6826a0f960122c7b6
  
Dropping
SHA256 0134ba0d82da47549afbf4ff619fe518bf4863eff0f49c939457cbf81c2d15b8

Comments