MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 701a433800432578835eaf98dd2db2420bccb700be2ce1c671425f9705eebdfb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 701a433800432578835eaf98dd2db2420bccb700be2ce1c671425f9705eebdfb
SHA3-384 hash: 5803f8a23705d7235ead4aa15e8f73f31dba65368dd517cd6c9d9fe538863fb1ac10a23739e922ac03381f3f4fe79610
SHA1 hash: a9c6104d7246b48f20219c70f6dad8a04e6847b0
MD5 hash: dd305f0d888a3635102cdf4cc9776e39
humanhash: avocado-vegan-sierra-green
File name: cnd.sh
Signature: Mirai
File size: 2'958 bytes
First seen: 2026-02-08 01:07:50 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:BbToobonauSroDCrOoTboQTotjoaPo0lomGrzoIdo5HL:BYVnTS8ilY1GHvmmE7J
TLSH: T1D95160E5A978C2757E9D5D3F726E03853DD3AC6F58A07F0488E6BC92004DC28749D926
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE

Vendor Threat Intelligence
No detections
Result
Gathering data
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-02-08 01:08:55 UTC
File Type: Text (Shell)
AV detection: 15 of 36 (41.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
