MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3cfa38426fcddc1ff6d616b1e7552918c613d4fb632a5c48f388f1eb01145d8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 3cfa38426fcddc1ff6d616b1e7552918c613d4fb632a5c48f388f1eb01145d8e
SHA3-384 hash: 3cec1b948a1f4cfe3c4f89d24b03201dbf58b4ea00d07a67a38811fc9894b454ee90e10680592ced59e5e89767d67973
SHA1 hash: c313eaeaabc6ac2d9ea8e1b66576c3a08c277365
MD5 hash: 2090dbcb1a907982ff87072c2844c6fa
humanhash: texas-alpha-oregon-oregon
File name: tpfuckyoulink
Signature: Mirai
File size: 3'711 bytes
First seen: 2025-11-13 01:06:14 UTC
Last seen: 2025-11-14 00:35:13 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:wqSt8+F2qjo7+kJqUjC+rEq2RG5+qPq5ah+ZSqoni+Ylqoni+fAqjo3+OLqStY+2:j+F6+kO+rV5+qn+ZH+YA+fa+OY+dW+LS
TLSH: T11371E59E858193743CE14367ABB92810B08FF94221DBCAD5F8D8385DD03DE4578C639A
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 3
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-12T22:23:00Z UTC
Last seen: 2025-11-13T10:18:00Z UTC
Hits: ~10

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-13 01:07:25 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3cfa38426fcddc1ff6d616b1e7552918c613d4fb632a5c48f388f1eb01145d8e

(this sample)

  
Delivery method
Distributed via web download
