MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 757de8284ef3595bea3dbcecb1effca1a7593ba33b4f1fdfe7bdcf28b8e3a315. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA 2 File information Comments

SHA256 hash:	757de8284ef3595bea3dbcecb1effca1a7593ba33b4f1fdfe7bdcf28b8e3a315
SHA3-384 hash:	c1804ea2de8b7363579d459e4a0f10c361901743f69034c5f05ed622a0b3bfdee14057b98030104cdfa091e699354de4
SHA1 hash:	55ad948bdb23eb6826325e9e266ddfa13604cf5f
MD5 hash:	4a00c198153af6a22e57c09f488b9747
humanhash:	lemon-mars-spring-friend
File name:	ohshit.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'940 bytes
First seen:	2026-03-31 12:13:44 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vp47047N7hp4v46Gp4gn4zPp4f4KWp414oUp47147o7Up4fO43bp4E49Rp4h4cgJ:vq7/7N7hqw6Gqg4zPqgKWqeoUq7e7o7U
TLSH	T1925182C592856D326CB7FA23F6B6C128308190935CEA7F99DDD8BFE4868ED247240753
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	BlinkzSec
Tags:	mirai

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.139.96/hiddenbin/boatnet.x86	6638c6aae5f21777821af608664aa93598dad45dd84510045f8aa20b7ea8f71d	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.mips	45894380e529a897d0f9b04071efbec44d86940cef1923df015deedc350746e0	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.arc	n/a	n/a	elf ua-wget
http://176.65.139.96/hiddenbin/boatnet.i468	n/a	n/a	elf ua-wget
http://176.65.139.96/hiddenbin/boatnet.i686	81624654cd84695cb1c881a0c5eec8ec6d7e2df2d515f9ffb08c72e522a64a69	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.x86_64	a55f39dc610ec4dd3918dbba2997644d710ae61c2c5bc1e987b5e64a6db82baa	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.mpsl	cf4a7efd5a9eef3fa50ba1463aa7ffef36548c11486c76b43b90a83ae304d29d	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.arm	9779011a3f6b3fd45fc0fac60aad08cf3db37689ac3a5595c4d2a725b8d99e53	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.arm5	114e5ec5f210360cc42fcad1595665a43a3af92e537d47ef902ade871b8ac200	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.arm6	d04a50371f6a9b25d19475bc8455997d2a2ce339534373439ebe04220df3eecc	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.arm7	d619e3024f32eddf2054b7198d8820d5d2dd5c12d27920150317d13f75ee3c4e	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.ppc	782606738079703fc7ae546f5cd5904e530e318d19a48e4a64309a93c4c623d0	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.spc	32ace463b3ef724a87ad97fa7dd17a6578981cf060595fc092bb089692c04ce7	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.m68k	78471120e4d5bd409a59d2f12d1f7c5cea94c1f818fd92db8d3bf5647ebc5da2	Mirai	elf mirai ua-wget
http://176.65.139.96/hiddenbin/boatnet.sh4	0253355d66c4f314ddb4b5a15b7b1dc205f2c9fd7852319fe5b84b54f98ef93b	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

medusa mirai

Link:

https://www.filescan.io/uploads/69cbc15dbe4fad62665e0cf3/reports/ff3e4666-34ac-489b-bef0-e07cac5cd034/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-03-30T15:25:00Z UTC

Last seen:

2026-03-31T11:45:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/757de8284ef3595bea3dbcecb1effca1a7593ba33b4f1fdfe7bdcf28b8e3a315/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/9c2e4975-0949-44ae-899b-7c5492fc6de4

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/757de8284ef3595bea3dbcecb1effca1a7593ba33b4f1fdfe7bdcf28b8e3a315

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/757de8284ef3595bea3dbcecb1effca1a7593ba33b4f1fdfe7bdcf28b8e3a315/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/757de8284ef3595bea3dbcecb1effca1a7593ba33b4f1fdfe7bdcf28b8e3a315

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2026-03-30 22:00:00 UTC

File Type:

Text (Shell)

AV detection:

23 of 36 (63.89%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ov66qkco6nmvx2r5xtwld374ugtvso5dhnhr7x7hxxhsrohdumkq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/260331-pegmgscz9w/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/757de8284ef3/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/757de8284ef3595bea3dbcecb1effca1a7593ba33b4f1fdfe7bdcf28b8e3a315

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Linux_Shellscript_Downloader Create hunting rule
Author:	albertzsigovits
Description:	Generic Approach to Shellscript downloaders

Rule name:	MAL_Linux_IoT_MultiArch_BotnetLoader_Generic Create hunting rule
Author:	Anish Bogati
Description:	Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:	MalwareBazaar sample lilin.sh