MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d03a83d908582bbf4aff1f877ae7c1a138c90c533b54e2d8a447c657299ceff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 9d03a83d908582bbf4aff1f877ae7c1a138c90c533b54e2d8a447c657299ceff
SHA3-384 hash: 20592354534daaeef999d0bab62a40465346b22ed84f46e4bf470337a02a7945b54d66441fb76762cf35aeb438a94e30
SHA1 hash: 8ba169bdb988c38e0cd46d05cb5a950bda1f30ae
MD5 hash: 33bd87c7b179ad738b2a8d7e5ded292f
humanhash: coffee-victor-dakota-august
File name: 2.sh
Signature: Mirai
File size: 2'643 bytes
First seen: 2025-09-30 09:47:25 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:NJ961UONLGVM/95gJAAmeJNhxib7lYaRlQP:L96mOVGm/95grJfgnmaRlQP
TLSH: T11A51EEDB129307312D6ADDBF72B9042C71C2E49698C79F09E8FC78EA198CE4C3041A93
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-30T02:56:00Z UTC
Last seen: 2025-10-01T01:02:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-09-30 06:48:57 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 9d03a83d908582bbf4aff1f877ae7c1a138c90c533b54e2d8a447c657299ceff (this sample)

Delivery method: Distributed via web download
