MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b49c2d3899c8a30a925038d5a8a519405068f8b84b4321e0d5447462ae86550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 7b49c2d3899c8a30a925038d5a8a519405068f8b84b4321e0d5447462ae86550
SHA3-384 hash: f8270006da3e262e3f179178eb5923cf3ee28049183f530773d15f4412cce76732edc3e2d532ae30a2acd2ecb0bc0074
SHA1 hash: f8a144f472938320abad209ee969c3539589293b
MD5 hash: b851f72f61623958ee09f4b569b4dfb8
humanhash: mirror-blossom-bulldog-pip
File name: ohshit.sh
Signature: Mirai
File size: 3'019 bytes
First seen: 2025-09-09 07:03:28 UTC
Last seen: 2025-09-09 23:20:57 UTC
File type: sh
MIME type: text/plain
ssdeep: 48:sB7C7N7hBD6GBgLzPBzKWBloUB7l7o7UBfo3bBS9RBJcgBepVBLSOBX+CB4fTBAe:sB7C7N7hBD6GBgLzPBzKWBloUB7l7o7I
TLSH: T146517689939B1C301977EE12E7BA511C3049D277A8E26BE5A9C4B6E6438DF383180B53
Magika: csv
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-09T04:14:00Z UTC
Last seen: 2025-09-09T04:14:00Z UTC
Hits: ~10

Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-09-09 06:55:36 UTC
File Type: Text (Shell)
AV detection: 17 of 38 (44.74%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
