MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 351ba524ddb47bfe00a8801d7b8f866967ee5756f5dfccf8c3dfee8c3f05b7a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	351ba524ddb47bfe00a8801d7b8f866967ee5756f5dfccf8c3dfee8c3f05b7a9
SHA3-384 hash:	7585b8281d4428929859238e8a00a19a3db615b7df31bcaa9fac02f83ab2f0fb560da7c173f1df0fc6cf8658103c6812
SHA1 hash:	91dcf2b021ad6aa28f379b75fdc51f3621de3578
MD5 hash:	4269ea8b1787afb0c8dc4ada78a452ba
humanhash:	fifteen-cup-music-harry
File name:	ohshit.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	2'866 bytes
First seen:	2026-04-05 07:08:33 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vPmD0PPW9bPfAfFahPgAgFLhPdUfPlsHPZep4PiXsP90/PO7WPjy9PPWPPkR+PIu:vPmD0PPW9bP4NGPXu9PdUfPlsHPMp4Pe
TLSH	T1A4517786003157781CF7AB2FF6F56198B0D1506634E56F48C6D839B54F8ED54BC40767
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

38

Origin country :

DE

Vendor Threat Intelligence

ACCE

Gathering data

ClamAV Detected

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Alert

Create hunting rule

FileScan.io

Gathering data

InQuest

Result

Gathering data

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-04-05T04:07:00Z UTC

Last seen:

2026-04-05T04:08:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/351ba524ddb47bfe00a8801d7b8f866967ee5756f5dfccf8c3dfee8c3f05b7a9/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/94dbbbf9-e302-4f39-84f2-712ed5ed83d2

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/351ba524ddb47bfe00a8801d7b8f866967ee5756f5dfccf8c3dfee8c3f05b7a9

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/351ba524ddb47bfe00a8801d7b8f866967ee5756f5dfccf8c3dfee8c3f05b7a9/

Neiki Family.MIRAI

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/351ba524ddb47bfe00a8801d7b8f866967ee5756f5dfccf8c3dfee8c3f05b7a9

ReversingLabs TitaniumCloud

Gathering data

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gun2kjg5wr574afiqaoxxd4gnft64v2w6xp4z6gd37xiypyfw6uq._file

Hatching Triage mirai

Result

Malware family:

mirai

Alert

Create hunting rule

Score:

  10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260405-hyvj5abv4k/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Mirai

Mirai family

Malware Config

C2 Extraction:

cnc.xenema.vip

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Suspicious File

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/351ba524ddb47bfe00a8801d7b8f866967ee5756f5dfccf8c3dfee8c3f05b7a9