MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a2efc1b157f049047dbd4c3e5589a1cf4aaaaf4376fb807ef7e8db85e0928cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6

SHA256 hash: 5a2efc1b157f049047dbd4c3e5589a1cf4aaaaf4376fb807ef7e8db85e0928cf
SHA3-384 hash: 10419ef7b598adfb8917aec2cfe2f2285264b7bccd473709194bc5d088f4464f3b869e6aefc253c2029f977d1396cbbc
SHA1 hash: bb0e7a4dc042b1d44eb83f9a18eaff6e6ac13fcb
MD5 hash: 8409ae4f4d91b47c8549489d35f3f96c
humanhash: july-pizza-uniform-berlin
File name: rt.sh
Signature: Mirai
File size: 1'961 bytes
First seen: 2025-09-06 07:32:00 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:jiiKQp0AQn7VSKUQZu6jhzSQ5hQJyiMzQdjQpt13QZkQXNbj:ji22n8KdZu6NzfgwwGKbB
TLSH: T1BF4149EC220346776D126C67FBE48D49B689C3DBD5D22F05B4D8B4BC20AEE08D891747
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-06T03:32:00Z UTC
Last seen: 2025-09-06T03:32:00Z UTC
Hits: ~100
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.a, HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 5220) -> execve -> /tmp/sample.bin (pid 5221)

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-09-06 06:53:38 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: 5a2efc1b157f049047dbd4c3e5589a1cf4aaaaf4376fb807ef7e8db85e0928cf (this sample)

Delivery method: Distributed via web download
