MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e97f16b5303fac20f7414a5bec150e9183eeb9f15707722cf644011a6fdd976. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4e97f16b5303fac20f7414a5bec150e9183eeb9f15707722cf644011a6fdd976
SHA3-384 hash: 5fd5483ca9598d63510cc534be841c49814a40aad84c8a49499492b42409764cf55c4be3b390c253f9890a13037f24ec
SHA1 hash: 17c5d2a49c30f7ddf1ded3e8609e5c4fadd55f20
MD5 hash: a248c675985050ada88a3dcf8068b85c
humanhash: comet-aspen-illinois-autumn
File name:uuu
Download: download sample
Signature Mirai
Create hunting rule
File size:755 bytes
First seen:2025-04-06 10:07:44 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:oOmKpLFmKnNIl53mKs0LKamKJ/emKXNmaXJNmZCemJLmkVXRFmUhXJLKK:oRKB8KnNI7WKPKVKJ/BKXEgEIBwch8cH
TLSH T1DF01A1F834512366090D9D5C9077DAC7F023D0E506328F0868DD3178CAA8D51F119D68
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://42.112.26.36/arm153a8a2ddd3d18b9a864a7360b8514ceac65ae64ee4e0f058e9ec361ae91d732 Miraielf mirai
http://42.112.26.36/arm572eb6026c66c96d050f30a3da54cb3c85fad70f9f5b805ea8cf543835ab38dcd Gafgytelf gafgyt mirai
http://42.112.26.36/arm6ebfbcbe0c33d53b3f5b5f5e4ac1ec5a8f858ed2aef69c141437e202e3cac75ae Gafgytelf gafgyt mirai
http://42.112.26.36/arm75c0cefe3a02543464efb9a60941a8c28b9359b8d715dcf0c3a9c9094b27d3764 Miraielf mirai
http://42.112.26.36/mpsl994cd87c6f0f7edd7efcc88aa5d5ee7b21f2c273cbe8c887363e28f7727a1166 Gafgytddos elf gafgyt mirai
http://42.112.26.36/mipsd0a8950232e943e951c209a7ac06f99d76b59839b11ac5b0678ab5667a4c245b Miraiddos elf gafgyt mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67f39024a695a0cd1fab9b7flinux22vpnfull_triage
Tags:
medusa trojan mirai virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/67f25293b070fb3f945f6448/reports/81637efa-058f-4fb0-864a-d32b10ab628b/overview
Verdict:
Malicious
Labled as:
Linux.Medusa.D.Generic
Link:
https://www.hybrid-analysis.com/sample/4e97f16b5303fac20f7414a5bec150e9183eeb9f15707722cf644011a6fdd976
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/4e97f16b5303fac20f7414a5bec150e9183eeb9f15707722cf644011a6fdd976
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4e97f16b5303fac20f7414a5bec150e9183eeb9f15707722cf644011a6fdd976/
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-04-06 11:36:00 UTC
File Type:
Text (Shell)
AV detection:
11 of 24 (45.83%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j2l7c22tap5med3ucss35qkq5emd5247cvyhoiwpmrabdjx53f3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4e97f16b5303fac20f7414a5bec150e9183eeb9f15707722cf644011a6fdd976

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4e97f16b5303fac20f7414a5bec150e9183eeb9f15707722cf644011a6fdd976

(this sample)

Mirai

elf 153a8a2ddd3d18b9a864a7360b8514ceac65ae64ee4e0f058e9ec361ae91d732

  
URLhaus
https://urlhaus.abuse.ch/url/3502690/
  
Delivery method
Distributed via web download
  
Dropping
MD5 3f7cb5a28945b149448d03e329ef02b5
  
Dropping
SHA256 153a8a2ddd3d18b9a864a7360b8514ceac65ae64ee4e0f058e9ec361ae91d732

Comments