MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9615e6e4038d04edcf166c00254b4d7a9d51bc1024c0ce68c7a4600bfb32eb2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 9615e6e4038d04edcf166c00254b4d7a9d51bc1024c0ce68c7a4600bfb32eb2b
SHA3-384 hash: fa82407ac9a622e8c23b3e1ef1999c4a8cc842adffbddf823574eb115052c900e338f299006a855931080224174b8338
SHA1 hash: 6d94cf4412e22ad061a732b22258423c644688d9
MD5 hash: 6e8e9d4d5a2d0b5697639f5caa1feafa
humanhash: undress-vermont-carpet-alabama
File name: massload
Signature: Mirai
File size: 2'910 bytes
First seen: 2025-08-01 04:52:17 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:W4qXU3dAxfYxsfzUvacYgka2pfaX2GaQHxo1Q7sDvAP2:W4qlxfYxsfzUvacYgka2pfaX2GaQHxoH
TLSH: T1F45196840FD2467A7DB9AF33F5AAC298768A9087ABC1DF5644FD3CF1504CE08A492953
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 26
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-01 04:53:19 UTC
File Type: Text (Shell)
AV detection: 23 of 38 (60.53%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
