MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b2a668eef667cb00af10ef025d68689394f32ac711b3250b85717e8f251a7ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 5b2a668eef667cb00af10ef025d68689394f32ac711b3250b85717e8f251a7ea
SHA3-384 hash: 021472252abdec42a700099f6410778d2806b579cee3b1c3ec606d7dbcaf1771509bde6a25d02aa164afc43dd4308672
SHA1 hash: bbac008989ec1d4d3fc5a91c8bd86fce61a02641
MD5 hash: b13fccbbed24a1bbea069973786288fd
humanhash: tennis-wolfram-timing-zebra
File name: giga.sh
Signature: Mirai
File size: 2'528 bytes
First seen: 2025-08-11 00:01:54 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:Iv3CMWQ/pN/lJ/Y/d/E/nnad/W/b8/K/IGtGjG/mqZ/j2/2dE:SNzrE54nna5GbAS70imqtyP
TLSH: T1F251A7CC01654670AC6249AB7AE7C104BACE949F6CC39FF7A4E93CE540CDD04AA80ED3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URLs extracted from this sample (URL | Malware sample SHA256 hash | Signature | Tags):

http://89.42.88.217/HBTs/top1miku.arc | n/a | n/a | elf ua-wget
http://89.42.88.217/HBTs/.ksysd | a999f47eecd7e38895349eb39c6d2350815b5de5dc06629cd3008ab712b95a49 | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.dbusd | 4fca520cba6b303a00db04c5525f9ebcd91027396a8daea21428623d9c000cd9 | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/top1miku.i686 | n/a | n/a | elf ua-wget
http://89.42.88.217/HBTs/.udevmon | ebf5b2fe63545dd6486a8424d3660e89fec0f5b4d9f5697cf639c71a30e5084f | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.upstart | 5f346db94dd74ca9f5b9bbef9a3acede4ff545868d9302ce9e9f6afadd174c3e | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.netd | 3fe3f07475a7f97dbd70d217568915acf9107cf6ac1225758d3068dcca3b894d | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.syncd | 2e03f8c53cfdc53d28de4014c6d1bf599f6db13e805ddf40ec63fc2728d99615 | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.irqbal | 2cc247d74f81b12e13cfee4617575ac1e0ab5dca352947af77072916b3f91532 | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.rsysl | 739aef07d54c89858d617dcfaa25a44ea5d28f75efab5c14f884d3b89c24181b | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.modprobe | a4c5d10e0484cc0b3005ba65e1499780acb68a18b476f846bc8fce1d318f07bf | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.systemd-jd | n/a | n/a | elf ua-wget
http://89.42.88.217/HBTs/.kthreadd | 188e8c19cfc165712b2e5d83a4a79eb6c0f68fe0a03d0811cd2972da755be0ed | Mirai | elf mirai ua-wget
http://89.42.88.217/HBTs/.klogd | a2d1334928d5ae1368924865254295e14290e36a88dc01c309ae66c04b1ab468 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
Status:
terminated
Behavior Graph (process tree recovered from the sandbox graph; all network edges go to 89.42.88.217:80):
/usr/bin/sudo (pid 3585)
  execve -> /tmp/sample.bin (pid 3589)
    execve -> /usr/bin/cp (pid 3591)
    execve -> /usr/bin/wget (pid 3605) [net, send-data] -> 89.42.88.217:80, send: 144B
    execve -> /usr/bin/curl (pid 4984) [net, send-data, write-file] -> 89.42.88.217:80, send: 93B
    execve -> /usr/bin/cat (pid 5155)
    execve -> /usr/bin/chmod (pid 5157)
    clone -> /usr/bin/bash (pid 5161)
    execve -> /usr/bin/wget (pid 5162) [net, send-data, write-file] -> 89.42.88.217:80, send: 138B
    execve -> /usr/bin/curl (pid 5221) [net] -> 89.42.88.217:80, con (edge label truncated in the source)
Threat name:
Linux.Downloader.Medusa
Status:
Malicious
First seen:
2025-08-11 00:02:24 UTC
File Type:
Text (Shell)
AV detection:
17 of 24 (70.83%)
Threat level:
  3/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Please note that we are no longer able to provide a coverage score for Virus Total.
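The sandbox graph above shows the usual Mirai loader pattern: the script fetches payloads from 89.42.88.217 with wget and curl, writes them under /tmp, chmods and executes them. The following is an added example, not code from MalwareBazaar or abuse.ch, that turns the entry's IOCs into two checks a responder would actually run: a proxy-log scan for the dropper host and URLs, and a SHA256 lookup against the payload hashes listed in the URL table. The IOC values are copied from this entry; the log format, the log lines and the file contents fed to the functions are constructed for the example.

```python
"""IOC checks built from this MalwareBazaar entry (added example, not MalwareBazaar code).

IOC values below are copied from the entry. The log format, SAMPLE_LOG and the
file bytes passed to identify_file() are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Host the sandbox saw wget/curl contact, and the dropper URLs from the URL table.
DROPPER_HOST = "89.42.88.217"
DROPPER_URLS = {
    "http://89.42.88.217/HBTs/top1miku.arc",
    "http://89.42.88.217/HBTs/top1miku.i686",
    "http://89.42.88.217/HBTs/.ksysd",
    "http://89.42.88.217/HBTs/.dbusd",
    "http://89.42.88.217/HBTs/.udevmon",
    "http://89.42.88.217/HBTs/.upstart",
    "http://89.42.88.217/HBTs/.netd",
    "http://89.42.88.217/HBTs/.syncd",
    "http://89.42.88.217/HBTs/.irqbal",
    "http://89.42.88.217/HBTs/.rsysl",
    "http://89.42.88.217/HBTs/.modprobe",
    "http://89.42.88.217/HBTs/.systemd-jd",
    "http://89.42.88.217/HBTs/.kthreadd",
    "http://89.42.88.217/HBTs/.klogd",
}

# SHA256 of this script and of the ELF payloads it fetches (from the URL table).
KNOWN_SHA256 = {
    "5b2a668eef667cb00af10ef025d68689394f32ac711b3250b85717e8f251a7ea": "giga.sh (this sample)",
    "a999f47eecd7e38895349eb39c6d2350815b5de5dc06629cd3008ab712b95a49": ".ksysd",
    "4fca520cba6b303a00db04c5525f9ebcd91027396a8daea21428623d9c000cd9": ".dbusd",
    "ebf5b2fe63545dd6486a8424d3660e89fec0f5b4d9f5697cf639c71a30e5084f": ".udevmon",
    "5f346db94dd74ca9f5b9bbef9a3acede4ff545868d9302ce9e9f6afadd174c3e": ".upstart",
    "3fe3f07475a7f97dbd70d217568915acf9107cf6ac1225758d3068dcca3b894d": ".netd",
    "2e03f8c53cfdc53d28de4014c6d1bf599f6db13e805ddf40ec63fc2728d99615": ".syncd",
    "2cc247d74f81b12e13cfee4617575ac1e0ab5dca352947af77072916b3f91532": ".irqbal",
    "739aef07d54c89858d617dcfaa25a44ea5d28f75efab5c14f884d3b89c24181b": ".rsysl",
    "a4c5d10e0484cc0b3005ba65e1499780acb68a18b476f846bc8fce1d318f07bf": ".modprobe",
    "188e8c19cfc165712b2e5d83a4a79eb6c0f68fe0a03d0811cd2972da755be0ed": ".kthreadd",
    "a2d1334928d5ae1368924865254295e14290e36a88dc01c309ae66c04b1ab468": ".klogd",
}


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    url: str
    reason: str


def classify_url(url: str) -> Optional[str]:
    """Return why a requested URL matches this entry's IOCs, or None."""
    if url in DROPPER_URLS:
        return "exact dropper URL from the entry"
    if urlparse(url).hostname == DROPPER_HOST:
        # Loader operators rotate filenames; a new path on the same host still matters.
        return "known dropper host, unlisted path"
    return None


def scan_proxy_log(log_text: str) -> List[Hit]:
    """Scan a constructed 'epoch client method url status user-agent' log.

    Fields are space separated; the user-agent is last and may contain spaces.
    """
    hits: List[Hit] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split(maxsplit=5)
        if len(fields) < 4:
            continue  # blank or malformed line
        _epoch, client, _method, url = fields[:4]
        reason = classify_url(url)
        if reason is not None:
            hits.append(Hit(line_no, client, url, reason))
    return hits


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def identify_file(data: bytes) -> Optional[str]:
    """Name the IOC whose SHA256 matches the given file contents, or None."""
    return KNOWN_SHA256.get(sha256_hex(data))


# Constructed log lines (not from the page): one exact IOC hit, one benign
# request, one request to the dropper host for a filename not in the table.
SAMPLE_LOG = """\
1754870400 10.0.0.7 GET http://89.42.88.217/HBTs/.ksysd 200 Wget/1.21.4
1754870401 10.0.0.7 GET http://example.com/index.html 200 Mozilla/5.0
1754870402 10.0.0.9 GET http://89.42.88.217/HBTs/.zzz 404 curl/8.5.0
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.client} -> {hit.url}: {hit.reason}")
    print(identify_file(b"not the sample"))  # None: constructed bytes match no IOC
```

Host-level matching deliberately fires on paths the table does not list: the dotted filenames (.ksysd, .dbusd, .kthreadd) mimic daemon names and are easy for the operator to rename, whereas the hosting IP changes less often. Hash matching is exact, so it only catches the payloads listed here and not recompiled variants.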

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Signature | File type | SHA256 hash
Mirai | sh | 5b2a668eef667cb00af10ef025d68689394f32ac711b3250b85717e8f251a7ea (this sample)

Delivery method: Distributed via web download

Comments