MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cd3075a18181fec2e6ad5692b40dc9376d6e43dbd764f7fca54bc85d36967a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 7cd3075a18181fec2e6ad5692b40dc9376d6e43dbd764f7fca54bc85d36967a4
SHA3-384 hash: bddac59584f54067f92e0d7705ba69b703232b64af87c9209ce8d7f0a26e2e30b3d66808060abe9db24e050185a70db7
SHA1 hash: 517119d1b35e05823891ee5cb4e035adcfe18b5f
MD5 hash: 2514a0dc22544f9f5a810441ed3c1dc4
humanhash: alabama-tennis-mango-thirteen
File name: 2.sh
Signature: Mirai
File size: 3'330 bytes
First seen: 2025-11-25 06:53:14 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:xjlSbCXSGTbuS5wNSWDlASA9YSYlUS9n9GxJSfu/SQtMSLnLNIpJSqvMtSWDuS9/:/vK9+Y0u9QJ30p6Ql2ZBgJVba
TLSH: T1F46180FB034406735CB689D632BD0444B190819B1DCEAF72ABEC28E88D8DECC7C43666
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 35
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive medusa mirai
Result
Gathering data
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-25 06:53:23 UTC
File Type: Text (Shell)
AV detection: 22 of 36 (61.11%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
