MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adb4688748f1465771d3522d319e9d8dc582697f88c9113093c67c18990936ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6



SHA256 hash: adb4688748f1465771d3522d319e9d8dc582697f88c9113093c67c18990936ec
SHA3-384 hash: ca26ad423253686b8693e6f4d0b4083c4e9ba3a8f83e11a50558f6ea97451ba87491f2ecd9110830c55d10f4b1a356fe
SHA1 hash: aedb439bac086e0adde91372ebce589f82b44aa6
MD5 hash: 45a8ba83cd26be24ff0aea69100679cf
humanhash: hot-illinois-delaware-lithium
File name: exp.sh
Download: download sample
Signature: Mirai
File size: 1'343 bytes
First seen: 2025-12-24 13:25:06 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:od7R78Tdej2diOiNI8dEOdMr70df0dIydcOcNVdaCdGCG7dOSdvf:o0TVi/fa/uFNVFuFN
TLSH: T1DE217FCE101ED731364E9E6073F6E598B5E3D8E21A560D33DFD48866C4E8A4437ADAE0
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.127/ntarm | 37490b35b3b2ad15b38e07c6d2614e277d2a43c76355f140c7c7ef6d7cf0f5ac | Mirai | arm elf geofenced mirai ua-wget USA
http://130.12.180.127/ntarm5 | e5e9346a47bce22519a79482111400fa4d1cb57614773f44d27c47574d1fa442 | Mirai | arm elf geofenced mirai ua-wget USA
http://130.12.180.127/ntarm6 | 4822e668692794fad83477e8ba761b11c25d57428ee6665f0f0cef3e7ba4873a | Mirai | arm elf geofenced mirai ua-wget USA
http://130.12.180.127/ntarm7 | 81aad7c6c7e13e69d0759539801b14a00e44d1363adf39ba5ecddb1874709e91 | Mirai | arm elf geofenced mirai ua-wget USA
http://130.12.180.127/ntsh4 | b7f840ae5abdf8f07a1ec90a5841a7f875ccec5c064482eee8f935d12f9c8fa6 | Mirai | elf geofenced mirai SuperH ua-wget USA
http://130.12.180.127/ntarc | n/a | n/a | elf ua-wget
http://130.12.180.127/ntmips | 67d445a8aafcd3e7c47746cfcda4ad4a92f00fe2b67fb4f4564d9a5b6f219491 | Mirai | elf geofenced mips mirai ua-wget USA
http://130.12.180.127/ntmpsl | a97f2be659972982b61aee906b13d8ea4e9e16a2d1284c33f8ed99d8ea41ff59 | Mirai | elf geofenced mips mirai ua-wget USA
http://130.12.180.127/ntsparc | n/a | n/a | elf ua-wget
http://130.12.180.127/ntx86 | 8198e09fd8d9e79cd05d5b00f01c4199706fc156a45ac0bf74f251c8f36d385e | Mirai | elf geofenced mirai ua-wget USA x86
http://130.12.180.127/nti686 | n/a | n/a | elf ua-wget
http://130.12.180.127/nti586 | n/a | n/a | elf ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 25
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: medusa mirai

Result
Status: terminated
Behavior Graph (process tree and network activity):
- /usr/bin/sudo (pid 1994) execve -> /tmp/sample.bin (pid 2001)
- /tmp/sample.bin (pid 2001) repeats the same cycle per payload: execve /usr/bin/wget (net, send-data, write-file), execve /usr/bin/curl (net, send-data, write-file), execve /usr/bin/chmod, then clone /usr/bin/dash (pids 2003-2244)
- Every wget process sends 134-136 B and every curl process sends 83-85 B to 130.12.180.127:80
- /tmp/sample.bin (pid 2001) execve -> /tmp/ntsparc (pid 2246), /tmp/ntx86 (pid 2283, delete-file, net), /tmp/nti686 (pid 2313), /tmp/nti586 (pid 2340), each preceded by the wget/curl/chmod cycle
- /tmp/ntx86 (pid 2283) connects to 8.8.8.8:53 and clones /tmp/ntx86 (pid 2284, net, send-data, zombie)
- /tmp/ntx86 (pid 2284) connects to 8.8.8.8:53, sends 15 B to 94.156.152.67:18129, and clones /tmp/ntx86 (pids 2286 and 2287)
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-12-24 12:51:43 UTC
File Type: Text (Shell)
AV detection: 10 of 36 (27.78%)
Threat level: 3/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download | Mirai | sh | adb4688748f1465771d3522d319e9d8dc582697f88c9113093c67c18990936ec (this sample)

Delivery method: Distributed via web download

Comments