MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6063eae6f91c29dbfa3fa8cd98fe0859bc82c5a2ac5da1d17e8067e75f7bc3c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 6063eae6f91c29dbfa3fa8cd98fe0859bc82c5a2ac5da1d17e8067e75f7bc3c8
SHA3-384 hash: bf5ec18106739093a706078bf5e67ae3f078c05090aceba431ddd5e30b4d96c75bfe3afadca4a9603ac44b5b98e15052
SHA1 hash: 89fc4534b140f52ebef84420b843e3d0f4236ccc
MD5 hash: 0ce735d692827eb3c30a642449846d80
humanhash: blue-nebraska-table-fruit
File name: ohshit.sh
Signature: Mirai
File size: 3'724 bytes
First seen: 2025-01-04 13:26:37 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:i/3F3ex3A3a32B3WE3B3c3N3W3Q3M3L3swz:k1uxQKGBnxM9Gg878W
TLSH: T1A2719191DA4201741C9A9772A9BB55AAF045B3C734E33B0FF6987CF5618DF006487EE1
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: ransomware medusa virus

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug busybox lolbin remote

Result
Verdict: MALICIOUS

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-01-04 13:27:04 UTC
File Type: Text (Shell)
AV detection: 23 of 38 (60.53%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
