MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 555ba720db0587411c1b0417da105b95af9cb1d1bcfad0b819418b2e8ea81bd8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 555ba720db0587411c1b0417da105b95af9cb1d1bcfad0b819418b2e8ea81bd8
SHA3-384 hash: 1f0fc7071f9f42218f2835e4cbfe793780419674a72081c9357b9406a242c4812c68960b3f4a0ba176d2d19029b1c594
SHA1 hash: 1ce266fa1532d0626f1f10354473cea2c0ad95bd
MD5 hash: 072474eab4389fdc5a5e243dbacd84f5
humanhash: monkey-bacon-louisiana-blue
File name: 1.sh
Signature: Mirai
File size: 2'714 bytes
First seen: 2025-07-28 22:48:48 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:UbPKBE7m/c7rYJKeRsTcxhA6TfI8TqXVTpuuctr5D+q9Mw:UbPKBE7m/ucKeRsTcxhA6TfI8TqXVTpk
TLSH: T1895160855DC205B2ACB6DF33F5AAC6983D8EE0A3ACD8ED9754EE3CF2444DE106414A53
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-07-26 11:14:04 UTC
File Type: Text (Shell)
AV detection: 13 of 23 (56.52%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh 555ba720db0587411c1b0417da105b95af9cb1d1bcfad0b819418b2e8ea81bd8 (this sample)

Delivery method: Distributed via web download
