MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97501e74a88751d926b630297cd6e19192d3ffa5ec082edb4b90ee509223352d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 97501e74a88751d926b630297cd6e19192d3ffa5ec082edb4b90ee509223352d
SHA3-384 hash: b0d81ed15ce265fdf7b8ef769579ca42f02d3bca55e18a4f7dfd8aac5061d4e210dd8ba51c4e0ba6a719152a9ca11ab3
SHA1 hash: 577e37430d9b1f8f74e6133bae157317dfdeb4b8
MD5 hash: dc4da3dadf389b8ea2bbcac272458920
humanhash: artist-georgia-artist-social
File name: oayhng.sh
Signature: Mirai
File size: 2'166 bytes
First seen: 2025-04-20 06:37:57 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:q0F4nSOnhv0F4nh3Onh/Ii3v0F4nQiOnZ7Fv0F4n7iOnMd1CFv0F4nvdOnv/v0FW:v3RIikH7ymyf3cM8LUdglYVXs4zkn7e
TLSH: T18241D3E3124616357DF236E3637AAA4C3583A1BA1DC52E0489E834BCE1DCE940CC0AB7
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 93.3%
Tags: medusa virus shell
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-04-15 04:54:13 UTC
File Type: Text (Shell)
AV detection: 16 of 38 (42.11%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
Executes dropped EXE
Modifies Watchdog functionality
File and Directory Permissions Modification
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 97501e74a88751d926b630297cd6e19192d3ffa5ec082edb4b90ee509223352d

(this sample)

Delivery method: Distributed via web download
