MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37416a2cd23dcd8044f35b73a430acf96d59b7dec5b1a3b937da27bcfb6f5217. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	37416a2cd23dcd8044f35b73a430acf96d59b7dec5b1a3b937da27bcfb6f5217
SHA3-384 hash:	14db6cb40a804648d4519102ba1ad50c2e5f984869913deb1159495dbdf02e15773ca08a3a12b6a41dc8996a109a4d01
SHA1 hash:	5505e5f19147e5c9797f613de0d491bc97c94147
MD5 hash:	d67dcbe15c591a144b1a606793134c51
humanhash:	montana-hot-diet-oregon
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'509 bytes
First seen:	2025-10-08 18:27:15 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:It+D4s+U/+xXV+sjb+mF8s+CQY+7h7vJ+3uC+SwCL+O8hO8NIuHks+W7WK6wCs+/:iEpu9xRwYGlBcPLUJu+TmMrw
TLSH	T1E6713A8D20952B73185DEE36E26BE59733C78096E7CA4E56F8DC64A8405CE1C2740FCE
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://62.72.44.49/executorloveyou/executor.x86	4c8d84766919970863d17dc584456be71e4e83bd7e9a49c757abc90f169382b7	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.mips	4f926dbbcb5cde583b0219c0cc7c7b044b3d63d3706b7859b0761739e1206dbd	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.arc	72da919821739d45c7063f59bd40acf8d81484a79ebfbcc4a1917dfb14e2a080	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.i468	n/a	n/a	elf ua-wget
http://62.72.44.49/executorloveyou/executor.i686	ecb681fd70fa7206daae04969c4dd68d0f8628954d21c840a0d1420436a00d89	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.x86_64	61ec8368f202ae376de9147b2d6d9db7080dd7542524f85ce854b83fa274e8dd	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.mpsl	94bf729a461aaa5ea64a1eac62e389c3e448310ede53019d3bd2fcaf982be876	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.arm	8f34929c4a1ec3c340f19e8dd84db21dee6447b8ed95b6962af51340a453330d	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.arm5	0a6db04000d3c1326926aa00b84a6b6bca65d4a5e12947ae529fc2d4ac40db54	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.arm6	9e4690ae50d03eb950b5701e67675fe55c04bf140efb2644aa8825564967732b	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.arm7	4f3ae18842e9d5c3ef3cce9e195ddb8264d408d70a71a30799c3496aa4d3308f	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.ppc	b99b9ead168d33cad6378710c8822cacec9b9c875a2c6b8e76af1b6410688960	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.spc	a364aab19883159f71e56fdddf9db3c0e887c959cb3a737c208e590ac5bea250	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.m68k	472d9575f4e50b95112b5f63761df4099fbf3f2c816eea0077c4afe90db56dad	Mirai	mirai opendir
http://62.72.44.49/executorloveyou/executor.sh4	1d0b927a8ea35d87f944850fa51e9786e766f4465c1b8116c8aea9aec4a02622	Mirai	mirai opendir

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

Link:

https://opentip.kaspersky.com/37416a2cd23dcd8044f35b73a430acf96d59b7dec5b1a3b937da27bcfb6f5217/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/a99745ac-07a9-41ce-a438-fc0681175938

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/37416a2cd23dcd8044f35b73a430acf96d59b7dec5b1a3b937da27bcfb6f5217

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/37416a2cd23dcd8044f35b73a430acf96d59b7dec5b1a3b937da27bcfb6f5217/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-10-08 18:34:31 UTC

File Type:

Text (Shell)

AV detection:

16 of 24 (66.67%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=g5awulgshxgyarhtlnz2imfm7fwvtn66ywy2hojx3it3z63pkilq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/251008-w7cybsbr8v/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware Config

C2 Extraction:

eagle1997.executorstresser.ru

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/37416a2cd23d/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.36

Link:

https://yomi.yoroi.company/submissions/37416a2cd23dcd8044f35b73a430acf96d59b7dec5b1a3b937da27bcfb6f5217

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.