MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8555eff282e97266ce61c36f63a8c959f1ddbca46b45b4dc91cfe8733ba09e2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	8555eff282e97266ce61c36f63a8c959f1ddbca46b45b4dc91cfe8733ba09e2a
SHA3-384 hash:	41c7b5ceb7ff1e66d6590e3ce9b4dde3279f86b5bfe343d9162cfa9d91980b7ef608a67c43cc0a24be3c354a7f706e17
SHA1 hash:	a356b125f1fffa2cdcb2fe26fac195437d6c4d92
MD5 hash:	a649d2baddfc4f64ddea083be5f06788
humanhash:	potato-hamper-king-vegan
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'019 bytes
First seen:	2025-09-12 10:15:25 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:iXchmlXqnElXfCXlXjePlXaeazvZlXaYaFvjlX9NQ9z4gelXujclXPSvlXjejzqE:i2mlKElaXlKPlKfzvZlKlFvjltoz4ZlJ
TLSH	T129514497233185756CEB7653FDF9DE1C3180A0911D9BBF08D6EC34A9A18CD8A3888E53
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://160.187.229.191/hiddenbin/Space.arc	a6ec68635f2000d140eb6010d0133db3ec9170f1f73f752938f35fa165722dcd	Mirai	elf mirai
http://160.187.229.191/hiddenbin/Space.x86	6619c1ca05935f567d8aa610a9a91ab297d09226ee196f6ca7f66288bbff3bb1	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.x86_64	3a60b1e61bf7498f19ec5151b203b526ed64cb0c666ddc1b5ccffb2ce20ff4c4	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.i686	1d8804244fad816f6dac0d4538435467f210e2c5631c7f8fb5c48277b94afc45	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.mips	987cc77bdb569bb8693e990d56a2d3a8f79e53ec580ef92ed5f71120c6122026	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.mips64	n/a	n/a	elf ua-wget
http://160.187.229.191/hiddenbin/Space.mpsl	c903653ebefa08080845123a3b2e1011d6318436de5012ac96491e727cea2f15	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.arm	3d3c44ce46874dcf7147f04fc3f66477ad85aa0146e3880605a12630795eace0	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.arm5	d9cb6aa3b5c9c952ee72dc75e946855079afcea380bf362ba13ec2e915aeac22	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.arm6	767463d9d83c67006f32e92ba4f7332bb28568b7632867798041be58188fe9ed	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.arm7	e8ec2a855b2b427d02e225cf7f2b5877dfd8beeb556bc5a590a137aa39968558	Mirai	elf mirai
http://160.187.229.191/hiddenbin/Space.ppc	99969aef5a3338f8c9c25adb94e32679a89640d6c05e4ecd8321a7e78e9bf941	Mirai	elf mirai ua-wget
http://160.187.229.191/hiddenbin/Space.sparc	n/a	n/a	elf ua-wget
http://160.187.229.191/hiddenbin/Space.m68k	48c5fa2872a9eb948bd41c836b3291de395afcf2ea9883bf0feb45b7ca05fd2d	Mirai	elf mirai
http://160.187.229.191/hiddenbin/Space.sh4	0bc7b344a1c851ac386fcc2629daa6e48fdd67fafa061d2b7ecdb4d729bceb3c	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-09-12T08:00:00Z UTC

Last seen:

2025-09-12T08:00:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/8555eff282e97266ce61c36f63a8c959f1ddbca46b45b4dc91cfe8733ba09e2a/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/f8097934-bc47-4ffa-8023-d3668f1de432

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/8555eff282e97266ce61c36f63a8c959f1ddbca46b45b4dc91cfe8733ba09e2a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8555eff282e97266ce61c36f63a8c959f1ddbca46b45b4dc91cfe8733ba09e2a/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-09-12 08:40:27 UTC

File Type:

Text (Shell)

AV detection:

23 of 38 (60.53%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qvk674uc5fzgnttbynxwhkgjlhy53pfennc3jxerz7uhgo5atyva._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250912-mat1xasps8/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8555eff282e9/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/8555eff282e97266ce61c36f63a8c959f1ddbca46b45b4dc91cfe8733ba09e2a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.