MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97f7109f96d30d930cc574b96b6954f2f2444ef6711af0ed25e281b7377967b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 97f7109f96d30d930cc574b96b6954f2f2444ef6711af0ed25e281b7377967b8
SHA3-384 hash: 87197f7e7295a45ccf671179a6387b43f2e5da071975b0cd593d385b0a95ad176fb58893f3aaa4fee11669b587905bec
SHA1 hash: 3463e8c5eed4bccf3f232dca0f0329298fbe6e89
MD5 hash: a6a7813cd31e079aeeb8be9345891aef
humanhash: don-nuts-leopard-hydrogen
File name: update.sh
Signature: Mirai
File size: 1'151 bytes
First seen: 2025-11-28 06:50:57 UTC
Last seen: 2025-11-29 05:44:18 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:otitctwt+tGtyjDtutStGt+tcNIstwHtI:otitctwt+tGtyjDtutStGt+tetwHtI
TLSH: T15B2165F904679338CA17DE90E2B7DE606917C18C51045EC679AEED3EB0C9D14BC30AB0
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 46
Origin country: DE

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: medusa mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-27T21:23:00Z UTC
Last seen: 2025-11-28T03:08:00Z UTC
Hits: ~10

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-28 06:52:14 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai sh 97f7109f96d30d930cc574b96b6954f2f2444ef6711af0ed25e281b7377967b8 (this sample)

Delivery method: Distributed via web download
