MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6102e531a7c1c7d2a52fb6294a86a7d9da5b48dcde8a191f0b7bd6c7deb1bdbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 6102e531a7c1c7d2a52fb6294a86a7d9da5b48dcde8a191f0b7bd6c7deb1bdbe
SHA3-384 hash: b43d2900d84ba7539d2ca201125657eff3aa67ca0d83fe0fedb8fbe3bf7770248afb93a2be859d67cc29ad32da427975
SHA1 hash: 531b22993b3934fbf1d1cbb51e3e34dfa517ede0
MD5 hash: a1dc607ed5735537cbd81310c0a12e03
humanhash: shade-oregon-five-august
File name: 1.sh
Signature: Mirai
File size: 3'284 bytes
First seen: 2025-11-18 17:40:14 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:Itd9D9Tsd9a9Sd959od9m90Td9s9xsd9A9md9GO9GnJd9L9YLd9Y941Ld9gO9gN6:iaPEDJtWvJqJLaJ/x3MLS9Y
TLSH: T13B6172C9205246F02CB98F2723AD856471ABE1BB1CFF7F45D5EE24E884ACD96F140782
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-18T16:15:00Z UTC
Last seen: 2025-11-18T17:13:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2362) execve /tmp/sample.bin (pid 2367); /tmp/sample.bin (pid 2367) execve /usr/bin/cp (pid 2370); /tmp/sample.bin (pid 2367) execve /usr/bin/wget (pid 2378)

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-18 17:40:47 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery linux
Behaviour:
Reads runtime system information
Writes file to tmp directory
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6102e531a7c1c7d2a52fb6294a86a7d9da5b48dcde8a191f0b7bd6c7deb1bdbe

(this sample)

  
Delivery method: Distributed via web download
