MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7aec8dd6fd455cd313e5513cbd65c798f50a364b396b231a2cf3baf353cb548f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 7aec8dd6fd455cd313e5513cbd65c798f50a364b396b231a2cf3baf353cb548f
SHA3-384 hash: e5d64e9a2a352ef531ca9a37f4423c48e6036507eb6394468e2ad899dabc152dcce4dcd64ca10ce00de9a7e75585df62
SHA1 hash: 79face13a6d331417e0fdb5dac6c7ac9e4a95d25
MD5 hash: 3461c1df2914c8861be6b50d24683bf7
humanhash: wyoming-burger-utah-stream
File name: 2.sh
Signature: Mirai
File size: 3'365 bytes
First seen: 2025-11-17 07:13:51 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:xDJStMXSsBbuSP+NSU5lASynYSGTUSTnTGxJSpA/S2jMSlnlNIpJS8xMtSgduS7e:NJbo1Mam+TQJTGpYCNGzBgJVFjv
TLSH: T1656170F72388063B5CB6C9D672B90444B19491AB54CE6F73ABDC34B61D8DECC7C42662
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive medusa mirai

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-16T23:15:00Z UTC
Last seen: 2025-11-16T23:42:00Z UTC
Hits: ~10
Threat name: Linux.Downloader.Medusa

Status: Malicious
First seen: 2025-11-17 07:14:26 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 7aec8dd6fd455cd313e5513cbd65c798f50a364b396b231a2cf3baf353cb548f (this sample)

Delivery method: Distributed via web download
