MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 366e340287c52d182fdf0106497d9b4ff31f31f92af33710f3f9bc98a4d1842a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 366e340287c52d182fdf0106497d9b4ff31f31f92af33710f3f9bc98a4d1842a
SHA3-384 hash: 6a542b4955b1eec1dcd16eea7b47f7e20eb58d54a54634cd65de349c07013bdbb1ca6f4f79b4cfc2be47863777409fb3
SHA1 hash: 19ad92b3cad8471040b23f83b427b48239f20f25
MD5 hash: 5acfdc791ea7363a2219bc210a06d161
humanhash: bluebird-blossom-ten-william
File name: 1.sh
Signature: Mirai
File size: 2'628 bytes
First seen: 2025-06-18 11:31:08 UTC
Last seen: 2025-06-19 05:09:51 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:UCxKhC121IikCTnyCuICK9+Cv8CIEtuCyJ6C0UWnCwdGC2Q2IKYaC2202sYlCvoL:U7hi26jo4jT596vPG2Kd+uKzL
TLSH: T10551A58532619A303DAA5D36B3FB540D3680A8631CD81D155DEC7FFA4A8CC4A358AB67
Magika: shell
Reporter: abuse_ch
Tags: sh
URL  Malware sample (SHA256 hash)  Signature  Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 65
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.1%
Tags: backdoor agent overt
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-06-18 11:34:28 UTC
File Type: Text (Shell)
AV detection: 13 of 23 (56.52%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
