MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4aa812c3f8eb43363aa792011914cbcd2d0e3287a06710463d1bfd82f2508e40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 7

SHA256 hash: 4aa812c3f8eb43363aa792011914cbcd2d0e3287a06710463d1bfd82f2508e40
SHA3-384 hash: 781081d5fc3c80e90d0c226cea1bd836afcfe83fbdc0a62b80e50f11a8e37201dcc4eb7e15bacd255c16a6721637a89e
SHA1 hash: 3a6b773b1f16b5c0ba86fef7a4e501446aec16b7
MD5 hash: bfcb2f15738221435f6ef314255e78a5
humanhash: golf-angel-april-double
File name: 1.sh
Download: download sample
Signature: Mirai
File size: 3'314 bytes
First seen: 2025-08-21 08:21:57 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:ikQmkxIkyWk1ok/QkHskUSkoWk/aLkCmkVEkvMkqmkYZYBgJsk7wk:CCBgJ5
TLSH: T15D61A5FB078545735CEE8EE3B1A84529719842ABA4DE0FF95BECA5E40C4DFCA2C41E41
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://185.14.92.254/00101010101001/morte.x86 | 98a08153ae3856d66cbb485d14384d16b3412edc02b1cedb5ab7f7088fec732e | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://185.14.92.254/00101010101001/morte.mips | 02791c8e66fd555038e212af232ae33dea2aa32149e34ad6b05247ed9d42bf9a | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arc | cb3a31fad83f0b73e35f695169bb2c8af3abeeb23c71d8156f82e2efa6d6c9d8 | Mirai | arc elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.i468 | n/a | n/a | elf ua-wget
http://185.14.92.254/00101010101001/morte.i686 | 2ab5e8e9e782736799502c77f21f308bc81eb7afc05a20cd3c12cfd3b87a08a3 | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://185.14.92.254/00101010101001/morte.x86_64 | 8a84d5daafc0c5b774caaa7b1d81c84a3a11493c5e5b37af71067fd42bcd3afa | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://185.14.92.254/00101010101001/morte.mpsl | 6c68a4c3fd2d7b7a0452910a131ad0bfcc0828841236568cac4fdee5602e027d | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm | 128e2eaa4b5bc0f0fa6a912c83b1a93e15f8938e2f191c32b632ad730bbf5ded | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm5 | 8e5d79d0f9d154588fbe6f46f2bcf01ebf56a6843580f73b9b2ecc8853045959 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm6 | e6a1bf91f82475a944b0b17cc3e2ac7b0d42873438c46124b0d1b92ff7736b02 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm7 | bfe51a757880dbeddeb894c2547d213741ec94512d2ae376d6efd1669246be67 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.ppc | c1c6aeea507d812202db3c6f14bb37de47fe43131272643c634f782ce6adce30 | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA
http://185.14.92.254/00101010101001/morte.spc | b7889be6f61ea0a974ca961cadd8a435e688bf64b0c110ebcf6ca04551ce5933 | Mirai | elf geofenced mirai opendir sparc ua-wget USA
http://185.14.92.254/00101010101001/morte.m68k | 53697f8b50b170a2bcde95ab606cfa4b3ddce102f1dc64276a230edb6cdcc305 | Mirai | elf geofenced m68k mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.sh4 | 21296e5d9b334b070c54fbb3f245b81a250bb5c77618cf00205d90fc393a49cf | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
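The rows above are the whole second stage of this dropper: one open directory on 185.14.92.254 serving a Mirai build per architecture. The following is an added example, not MalwareBazaar code, that loads those rows into structured indicators and runs them over proxy logs and observed file hashes. The IOC rows are copied from the table; the proxy log lines, client addresses and the /tmp hash are constructed for the demo.

```python
"""Turn this page's IOC table into matchable indicators and run them over
proxy logs and file hashes. Added example, not MalwareBazaar code: the rows
are copied from the table above; the proxy log and the /tmp hash are
constructed for the demo."""
import re
from urllib.parse import urlparse

# Rows from the page's table: URL | SHA256 of served payload | Signature | Tags.
# "n/a" marks a payload MalwareBazaar holds no sample for.
IOC_ROWS = """\
http://185.14.92.254/00101010101001/morte.x86 | 98a08153ae3856d66cbb485d14384d16b3412edc02b1cedb5ab7f7088fec732e | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://185.14.92.254/00101010101001/morte.mips | 02791c8e66fd555038e212af232ae33dea2aa32149e34ad6b05247ed9d42bf9a | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arc | cb3a31fad83f0b73e35f695169bb2c8af3abeeb23c71d8156f82e2efa6d6c9d8 | Mirai | arc elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.i468 | n/a | n/a | elf ua-wget
http://185.14.92.254/00101010101001/morte.i686 | 2ab5e8e9e782736799502c77f21f308bc81eb7afc05a20cd3c12cfd3b87a08a3 | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://185.14.92.254/00101010101001/morte.x86_64 | 8a84d5daafc0c5b774caaa7b1d81c84a3a11493c5e5b37af71067fd42bcd3afa | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://185.14.92.254/00101010101001/morte.mpsl | 6c68a4c3fd2d7b7a0452910a131ad0bfcc0828841236568cac4fdee5602e027d | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm | 128e2eaa4b5bc0f0fa6a912c83b1a93e15f8938e2f191c32b632ad730bbf5ded | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm5 | 8e5d79d0f9d154588fbe6f46f2bcf01ebf56a6843580f73b9b2ecc8853045959 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm6 | e6a1bf91f82475a944b0b17cc3e2ac7b0d42873438c46124b0d1b92ff7736b02 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.arm7 | bfe51a757880dbeddeb894c2547d213741ec94512d2ae376d6efd1669246be67 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.ppc | c1c6aeea507d812202db3c6f14bb37de47fe43131272643c634f782ce6adce30 | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA
http://185.14.92.254/00101010101001/morte.spc | b7889be6f61ea0a974ca961cadd8a435e688bf64b0c110ebcf6ca04551ce5933 | Mirai | elf geofenced mirai opendir sparc ua-wget USA
http://185.14.92.254/00101010101001/morte.m68k | 53697f8b50b170a2bcde95ab606cfa4b3ddce102f1dc64276a230edb6cdcc305 | Mirai | elf geofenced m68k mirai opendir ua-wget USA
http://185.14.92.254/00101010101001/morte.sh4 | 21296e5d9b334b070c54fbb3f245b81a250bb5c77618cf00205d90fc393a49cf | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Constructed proxy log format: <ts> <client> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
PROXY_LOG = [
    '2025-08-21T08:30:01Z 10.0.5.17 GET http://185.14.92.254/00101010101001/morte.arm7 200 "Wget/1.21"',
    '2025-08-21T08:30:02Z 10.0.5.17 GET http://185.14.92.254/00101010101001/morte.new 200 "Wget/1.21"',
    '2025-08-21T08:30:05Z 10.0.5.42 GET http://example.org/index.html 200 "Mozilla/5.0"',
    '2025-08-21T08:31:10Z 10.0.5.17 GET http://185.14.92.254/ 403 "curl/8.0"',
]


def parse_ioc_rows(text=IOC_ROWS):
    """Split pipe-separated rows into dicts, refusing malformed hashes."""
    iocs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        url, sha, sig, tags = (f.strip() for f in line.split("|"))
        if sha != "n/a" and not SHA256_RE.match(sha):
            raise ValueError(f"bad SHA256 in row: {line!r}")
        p = urlparse(url)
        iocs.append({"url": url, "host": p.hostname, "path": p.path,
                     "sha256": None if sha == "n/a" else sha,
                     "signature": None if sig == "n/a" else sig,
                     "tags": set(tags.split())})
    return iocs


def build_indicators(iocs):
    """Collapse the rows into the lookup sets a matcher needs."""
    return {
        "urls": {i["url"] for i in iocs},
        "hosts": {i["host"] for i in iocs},
        # all payloads sit in one open directory; a hit on it catches renamed binaries
        "dirs": {i["path"].rsplit("/", 1)[0] + "/" for i in iocs},
        "sha256": {i["sha256"] for i in iocs if i["sha256"]},
    }


def match_proxy_log(lines, ind):
    """Return (client, url, reason); the strongest applicable reason wins."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        _ts, client, _method, url, _status, _ua = m.groups()
        p = urlparse(url)
        if url in ind["urls"]:
            reason = "known payload URL"
        elif p.hostname in ind["hosts"] and any(p.path.startswith(d) for d in ind["dirs"]):
            reason = "new file in known open directory"
        elif p.hostname in ind["hosts"]:
            reason = "contact with payload host"
        else:
            continue
        hits.append((client, url, reason))
    return hits


def match_file_hashes(observed, ind):
    """observed: {path: sha256} from EDR or a quarantined /tmp; returns the matches."""
    return {path: h.lower() for path, h in observed.items() if h.lower() in ind["sha256"]}


if __name__ == "__main__":
    ind = build_indicators(parse_ioc_rows())
    for hit in match_proxy_log(PROXY_LOG, ind):
        print(*hit)
    # constructed: what an ARMv7 host's /tmp held after the script ran
    print(match_file_hashes({"/tmp/morte.arm7": "BFE51A757880DBEDDEB894C2547D213741EC94512D2AE376D6EFD1669246BE67"}, ind))
```

Two caveats from the tags: "geofenced USA" and "ua-wget" mean the directory answered only US clients presenting a wget User-Agent at the time of collection, so a curl fetch from a non-US analysis box returning nothing does not mean the host is down. The directory-level match exists because a row with no sample (morte.i468) shows the operator adds and renames binaries; matching only the exact URLs in the table would miss the next one.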

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE

Vendor Threat Intelligence
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-21 05:24:52 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet credential_access defense_evasion discovery execution linux persistence upx
Behaviour
Command and Scripting Interpreter: Unix Shell
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
UPX packed file
Enumerates running processes
Modifies init.d
Modifies rc script
Enumerates active TCP sockets
File and Directory Permissions Modification
Executes dropped EXE
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4aa812c3f8eb43363aa792011914cbcd2d0e3287a06710463d1bfd82f2508e40 (this sample)

Delivery method: Distributed via web download

Comments