MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8aad8b019c4cb7ccd20606f9e57b66e7905d0725d64e6b2cb769b176c951d24b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	8aad8b019c4cb7ccd20606f9e57b66e7905d0725d64e6b2cb769b176c951d24b
SHA3-384 hash:	0f0d08d61b48718e2cc2cfa14b4abc7827f02c4b29e01e0e501b13237f32b77722220dc5ec970fc3c75c486e229bc622
SHA1 hash:	93ea86f6b0ba1884b21f69733c6af182c7bb444c
MD5 hash:	e6529b3578796bb4d422157a93282ab6
humanhash:	apart-don-december-blue
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'374 bytes
First seen:	2025-06-22 19:46:29 UTC
Last seen:	2025-06-23 02:25:46 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:ItcnIZscKlbhcJCkc61lfcIDmsck/Tc/9/GgJcbs6cUPnLcR9RNIpKkscCNMEc2U:iCZ0d7Pq91KLL6JB7sKBBgJsHk
TLSH	T1446172F7134246739DAA8AE732EC8406618584DB99CEDFB55BFC38B50C4CEC9BC42652
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.115.188/00101010101001/morte.x86	8a16774410cd820e08f6d56a5c70791182d491a0b92624845d2278433fa11922	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.mips	4fcb2fab9c54bdd1bed2dd70e3a208ae1bbfa3306e0d482c7152a7985f517a31	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.arc	332f1ca455cd804a621bd848d2cd667ee38cdba152d200b2b1bb39ed8e53f397	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.i468	n/a	n/a	n/a
http://196.251.115.188/00101010101001/morte.i686	1137bbdbb0788a00096b8dc8521af26f2047722060f95896ade3b86a53040949	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.x86_64	ebeccbc485ffea80fa094342e864c68db5a2a561197056b831a3967228ce9a1d	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.mpsl	94d22a6d1e2725deee385638549d660df5dc78d955b307bae574f2956c959199	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.arm	eefc4bd621c42b34760de2a5b8e955555cba30150f2bec63e918e8f44a974d86	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.arm5	7c93d0fa6fbd0cd6d45f96d7a0677fec79cd536b610103f39b0caf3e885141f2	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.arm6	d52ae20b7fd6bc9d57380bd4b5c1d47187e29b7b996fcd73a56a4c9b96d8f656	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.arm7	8156bd4567395b4983eb386b02c95979218635554c3490cc856016628733d973	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.ppc	80643ff2a299931cd7b6af1417a97edaefc2c95e8f1fde7693e4f5422a1ca826	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.spc	a623f77747f399b2f378b2a3924f8655a9be9822700a4ad2cc115a8f6b668319	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.m68k	b32ab1775610fb38c5f1facd4365514fbae05a338e61667a96dede08f1c0a61c	Mirai	mirai opendir
http://196.251.115.188/00101010101001/morte.sh4	07cb862d0f4699d6f009b62d79e593b001b5b3ba224f63b5bab45d71507fa618	Mirai	mirai opendir

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68585de7b06783b9ebd6a3b0linux22vpnfull_triage

Tags:

downloader ransomware agent

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/26075814-541e-4ff1-affb-570e44a34a0f

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/8aad8b019c4cb7ccd20606f9e57b66e7905d0725d64e6b2cb769b176c951d24b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8aad8b019c4cb7ccd20606f9e57b66e7905d0725d64e6b2cb769b176c951d24b/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-06-20 00:23:00 UTC

AV detection:

15 of 24 (62.50%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rkwywam4js34zuqga346k63g46if2bzf2zhgwlfxngyxnskr2jfq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250622-yj5pjstn14/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/8aad8b019c4c/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Mirai

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/8aad8b019c4cb7ccd20606f9e57b66e7905d0725d64e6b2cb769b176c951d24b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.