MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f3c01b059fdfe8167b8341f4e81b7228cb3b30170ce7bfde7cde099ae1a8b18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 4f3c01b059fdfe8167b8341f4e81b7228cb3b30170ce7bfde7cde099ae1a8b18
SHA3-384 hash: a5e33278973c10fae30ca0b876c8da37b8c0ed13e63f5335add48996d440c63f1b862d2467d697de696a708b9ee06a4e
SHA1 hash: c34c89acda51f5dfdefe548b5b5bd6a2649f7451
MD5 hash: e8e1ee65dd800664f9cbac6ad1875287
humanhash: bluebird-pennsylvania-quebec-lactose
File name: lawl.sh
Signature: Mirai
File size: 3'855 bytes
First seen: 2025-11-20 10:34:39 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:w78zs6F7zhNLCzqwJG5zXL1hzY+lizthlizm0B3zDKWRYz0lk1tz7+QlezBtJ0z1:5zs+zh8zqH5zXLzYRzt2zmqzDKDz0CzR
TLSH: T15981D49B45835B343C80D6A6EDAF17447287FA6200DBCBD4E4A819BEA27DE0878417DD
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: medusa mirai

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-16T01:43:00Z UTC
Last seen: 2025-11-20T10:58:00Z UTC
Hits: ~10

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-16 14:33:43 UTC
File Type: Text (Shell)
AV detection: 19 of 38 (50.00%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4f3c01b059fdfe8167b8341f4e81b7228cb3b30170ce7bfde7cde099ae1a8b18

(this sample)

  
Delivery method: Distributed via web download

Comments