MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6461da69aa962db95ecfb349e8dec95670bb0ac310ad08e87f343ac42125c5aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6461da69aa962db95ecfb349e8dec95670bb0ac310ad08e87f343ac42125c5aa
SHA3-384 hash: 0adc852208acd0b67474a5f237ae667be8d1de92e9e02625b26c38ea54b4ad42854426f780ec98ad78aabbe913dd8585
SHA1 hash: c2308b075133613d58868978d40beaa201509587
MD5 hash: 3f6fc668d036b2f07516a35dab55520e
humanhash: california-seven-hotel-thirteen
File name:sploit.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:2'537 bytes
First seen:2025-11-24 04:57:19 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:wP8MMOo85MqM0IMIMBUvCLRMeMm6AcM+xM5eMnxMRMChrQ:wP8M15MqMRMIM+aMeMNM+xM5eMnxMRMb
TLSH T1BE517F9F82B215342C52681231B70664B0B446D744C9DFE388E83EFAF0ADC46DA57FE2
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://91.200.220.115/sploit/fuckyou192280bfd9013c86f0ca3229656a2b9a7f27bf617d98a048493bdbdba1f99ed15 Miraielf geofenced mirai ua-wget USA x86
http://91.200.220.115/sploit/fuckyou2n/an/aelf geofenced mips ua-wget USA
http://91.200.220.115/sploit/fuckyou3390f17c33e36fc42f8a471b949126fe2b97e22dfbe01fd7f5ce8b57b0abcd982 Miraielf geofenced mips mirai ua-wget USA
http://91.200.220.115/sploit/fuckyou4d00972ea9879e13aef538e68df470ea18ea8191206871a1b8629457e63b63856 Miraiarm elf geofenced mirai ua-wget USA
http://91.200.220.115/sploit/fuckyou5n/an/aarm elf geofenced ua-wget USA
http://91.200.220.115/sploit/fuckyou6n/an/aarm elf geofenced ua-wget USA
http://91.200.220.115/sploit/fuckyou7n/an/aarm elf geofenced ua-wget USA
http://91.200.220.115/sploit/fuckyou8n/an/aelf geofenced PowerPC ua-wget USA
http://91.200.220.115/sploit/fuckyou91c828c43e8a1c55b4c48e0b787c7ee5d8ccd4e2c5f441b783266ed64e35cda83 Miraielf geofenced mirai sparc ua-wget USA
http://91.200.220.115/sploit/fuckyou10n/an/aelf geofenced m68k ua-wget USA
http://91.200.220.115/sploit/fuckyou11n/an/aelf geofenced SuperH ua-wget USA
http://91.200.220.115/sploit/fuckyou12n/an/aarc elf geofenced mirai ua-wget USA

Intelligence

File Origin
# of uploads :
1
# of downloads :
33
Origin country :
DE DE
Vendor Threat Intelligence
Gathering data
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
medusa mirai
Link:
https://www.filescan.io/uploads/6923e5b3e5743ce589e7a0ae/reports/0acbd53c-845c-44dd-8c00-0f2355c484fe/overview
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/9f705c7a-db5f-4f3b-b5cb-257fd72dedd5
Behavior Graph:
Download SVG
%3
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/6461da69aa962db95ecfb349e8dec95670bb0ac310ad08e87f343ac42125c5aa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6461da69aa962db95ecfb349e8dec95670bb0ac310ad08e87f343ac42125c5aa/
Threat name:
Linux.Downloader.Morila
Create hunting rule
Status:
Malicious
First seen:
2025-11-24 04:58:30 UTC
File Type:
Text (Shell)
AV detection:
21 of 36 (58.33%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mrq5u2nksyw3sxwpwne6rxwjkzylwcwdccwqr2d7gq5miijfywva._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/251124-flmbwayla1/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6461da69aa962db95ecfb349e8dec95670bb0ac310ad08e87f343ac42125c5aa

(this sample)

Mirai

elf 92280bfd9013c86f0ca3229656a2b9a7f27bf617d98a048493bdbdba1f99ed15

  
URLhaus
https://urlhaus.abuse.ch/url/3715530/
  
Delivery method
Distributed via web download
  
Dropping
MD5 a3c0d93741e9137a018e52a141f3e9b2
  
Dropping
SHA256 92280bfd9013c86f0ca3229656a2b9a7f27bf617d98a048493bdbdba1f99ed15

Comments