MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74198ca689c46dfe80dc0dd177af8886fcae25896aa0a397189e8939d67d3ec0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 2 File information Comments

SHA256 hash:	74198ca689c46dfe80dc0dd177af8886fcae25896aa0a397189e8939d67d3ec0
SHA3-384 hash:	421fef86a8e058f7de1cef697dcdb1b37d0610302403b2753ce126f6a0ee59cd9348d70bb265acc547b09e186954d51d
SHA1 hash:	f4d9c6b09d3cbbc83a1a75fb9166bc6599f62e87
MD5 hash:	db160e18a457a512d731d0e5c4a7a6f9
humanhash:	network-green-ack-india
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'044 bytes
First seen:	2025-09-15 02:50:23 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:i+O7+TuM+gr+Pt+5F+Bp+c5cE+WQg+JVL+4BJ+/R+xN+oKs+iz+lkB:i+O7+TuM+gr+Pt+5F+Bp+yr+WQg+JVLP
TLSH	T1CA51508910678235AD95EFD3E2AB8818338BA09E77CE6FC754F96CB4494CF44A540B73
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.84.55/renji/renji.x86	9c56f9aec59697a9c7834032e480e1c8be43218c912b57c818b457dd417bb6d1	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.mips	b4020cab0a431addf1854ce352f4e87580db3762ddbd5062090ed874c8c3480a	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.arc	32d84ec7a5f4c8c081fac153b98d3ad0855360e17b1ee505bc431544f71f2f65	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.i468	n/a	n/a	elf ua-wget
http://196.251.84.55/renji/renji.i686	99229a86edfbca412a9e9cc20ec1c76dff595b7cbccd7719848ecdae36f142fa	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.x86_64	c4b7dbf2dbd59126e3ffaa0fd5baf1800fb8a140005506e38025524f2f78cbc8	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.mpsl	dd23caa67b7a5a0f811dcad50f3d2ce0ff72d472810c1871ef5fbe243fc530f8	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.arm	b5c6eb898b6158357616cbdf56790f9aa61ccfe391e311f52df9d97ee7265d3a	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.arm5	a89f36b53e621b01342bed5b96bf001ff17f179003fdf1a6315211532a885a68	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.arm6	52c66a00a2ba15039ab043ac874b908b0c24b793c28442439d6476cb5d57ec47	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.arm7	d2ecab8ce321bf41f8a954aefe157093b6fdac17ee72fddd07e4c904be4a63bd	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.ppc	a7f411886349db308c3eaacc78dda73ad746cf8ac9656bc4065b8c6a096bb673	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.spc	f25f8be191753e7c2c2f692ecac5504588b20a307e1aa7c23fbdfd0eeffa4505	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.m68k	f6b54458fc39b77bec5ff4aa62675500be17141a934a6eae674d39675f747541	Mirai	elf mirai ua-wget
http://196.251.84.55/renji/renji.sh4	3807a288db8989920d148451c3835f0b7575c901dff9bd5fa9fd0ba96c26356c	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-09-14T23:55:00Z UTC

Last seen:

2025-09-14T23:55:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen

Link:

https://opentip.kaspersky.com/74198ca689c46dfe80dc0dd177af8886fcae25896aa0a397189e8939d67d3ec0/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/25a9df20-6337-47bc-8d0b-1e75b0822b95

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/74198ca689c46dfe80dc0dd177af8886fcae25896aa0a397189e8939d67d3ec0

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/74198ca689c46dfe80dc0dd177af8886fcae25896aa0a397189e8939d67d3ec0/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/74198ca689c46dfe80dc0dd177af8886fcae25896aa0a397189e8939d67d3ec0

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-09-15 02:50:53 UTC

File Type:

Text (Shell)

AV detection:

16 of 24 (66.67%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oqmyzjujyrw75ag4bxixpl4iq36k4jmjnkqkhfyyt2ettvt5h3aa._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250915-dbz4wa1p14/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

UPX packed file

Deletes log files

Enumerates running processes

File and Directory Permissions Modification

Deletes Audit logs

Deletes journal logs

Deletes system logs

Executes dropped EXE

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/74198ca689c4/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/74198ca689c46dfe80dc0dd177af8886fcae25896aa0a397189e8939d67d3ec0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.