MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 779b3f621d09af8615d3fb803e57bbf4ec5fccec3c28f88df96eb4ec85a26da9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 779b3f621d09af8615d3fb803e57bbf4ec5fccec3c28f88df96eb4ec85a26da9
SHA3-384 hash: 7976b75d8ea88839c200f398e7c087964fc1487278b933ccffed78cd7e18ab3c953d1c05d0bfa30d285fdd5dc14004aa
SHA1 hash: 1685372d9caa32538f7d60bfa6c3f7cfd88673fe
MD5 hash: 8e511fc7a0590a5034ab0591ce83da23
humanhash: mirror-nine-west-connecticut
File name: ohshit.sh
Signature: Mirai
File size: 2'419 bytes
First seen: 2026-02-23 01:33:53 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 48:igvUqPvUdPvUVvUPvUVPvUyZvUSvUhvUoPvU7vUtvU7yMvUcvU7qFCPvn:igvUqPvUdPvUVvUPvUVPvUgvUSvUhvUU
TLSH T13B419FCD129216306EA3DCAAB3ED988432D050F3B4C19D56D4D934FD888ED1837CA797
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter adliwahid
Tags: mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: NL
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox medusa mirai virus
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-02-22 03:08:11 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:botnet antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (69124) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Mirai

sh 779b3f621d09af8615d3fb803e57bbf4ec5fccec3c28f88df96eb4ec85a26da9

(this sample)

Comments