MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99795158f1ac499a76e82b8c5278d21af53d78eec83c19f30fd365d20fa8a621. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	99795158f1ac499a76e82b8c5278d21af53d78eec83c19f30fd365d20fa8a621
SHA3-384 hash:	ee53b199d2b7c56cfc45646e90902d4de15fb6fb0d68d8f416efc1c2f779bc831e3866d9ddbd8f263020d08139bc633e
SHA1 hash:	e4e022884f2e721892898f2b0d5f3a8c26d5ba7b
MD5 hash:	89c7344fbe37f859b71b07d8a911ccca
humanhash:	island-tennessee-equal-football
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'344 bytes
First seen:	2025-09-26 06:19:51 UTC
Last seen:	2025-09-27 06:54:11 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:It3ZsVbhTkhlftms9T0FGgJH69nLKDNIpKksJMELhzsspcGgJs0spk:iinAjFV0F1axLKJjFIspBgJsdk
TLSH	T10B6172F623C106779CA289D232A84504B2D9E09B54CF5FF55BDC2AE52E4CFC9BC42B41
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://89.213.174.225/00101010101001/morte.x86	cd2c99ab859d6dd28255d69e9e7f549695f87f339a0dc91766807e789d827a04	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.mips	f7e8bdd3c471eb15a664c8b38e2a068be130cd568b78c40a56bfa852604abf1a	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.arc	6bac36a9da6baf62b802eb49e4be1b916ef48359ea88afa524ce06932a663137	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.i468	n/a	n/a	elf ua-wget
http://89.213.174.225/00101010101001/morte.i686	6910d0fd17d05762ddaa59499e6c598d5cf384738798e2631ceaeda1e10a476d	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.x86_64	80e0b3e1815760e8d6200118fcd7ebd67f3ff943551f0105a5ade4e52ec87961	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.mpsl	782f17e0bf0ab1220f126b70d30c6b0bd1201de8c1ae65f0c088cb2dc3f22004	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.arm	f4cf19e5c13a745e6a73b89bf7ed820d461f3dc9bb2c4380da369427785a6bf5	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.arm5	89b07e9752c1c269364c64abf35a23949fdd1bff15431cc99ea351134337490f	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.arm6	51a95c7fa8678e36792e75114dcb9a8a340b51c2a0c34e2061bf3eeaa2f2e2dd	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.arm7	b4618e7cdbfc97c1502c84aa95db42545803c26f8101865c11737aa9f7e109d9	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.ppc	4f733b6403ab10c8c6784d88db610b80a3d891a6c50c034d60a61f91b3617625	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.spc	3ae19d7041ed54a585eb8199f47aa79a5194d54c35551dce95bf0d4734df8caa	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.m68k	883e61d4155f62b361a56a8e9dfe09d627967b72373ad3be703710b415e081ad	Mirai	elf mirai ua-wget
http://89.213.174.225/00101010101001/morte.sh4	60b91391b0914e8a56249cc3edf24c577aeebcf02c2d74b5fa9b1a602e759c35	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-09-25T15:41:00Z UTC

Last seen:

2025-09-25T15:41:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/99795158f1ac499a76e82b8c5278d21af53d78eec83c19f30fd365d20fa8a621/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/b89b2397-989c-48f8-914f-ebc5eb0d01b6

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/99795158f1ac499a76e82b8c5278d21af53d78eec83c19f30fd365d20fa8a621

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/99795158f1ac499a76e82b8c5278d21af53d78eec83c19f30fd365d20fa8a621/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/99795158f1ac499a76e82b8c5278d21af53d78eec83c19f30fd365d20fa8a621

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-09-26 02:30:50 UTC

File Type:

Text (Shell)

AV detection:

22 of 38 (57.89%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tf4vcwhrvrezu5xifogfe6gsdl2t26hoza6bt4yp2ns5ed5iuyqq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250926-g35p8aep2y/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware Config

C2 Extraction:

uraniumc2.ddns.net

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/99795158f1ac/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/99795158f1ac499a76e82b8c5278d21af53d78eec83c19f30fd365d20fa8a621

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.