MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae6528be474ea7e0a07f30100b64b8b0146b673bd0bafbd200490f0b2155e5fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: ae6528be474ea7e0a07f30100b64b8b0146b673bd0bafbd200490f0b2155e5fc
SHA3-384 hash: c0e247b5577694adc72e375c373b1085574a4984965948089ce192aba9b272d792375f64d9afc3b0858fb9ebbcb45111
SHA1 hash: e7f8d5fa19cf1f0ceb18f77bbb479b4e2102dbd7
MD5 hash: 7246ce795caea2cad9dcc42549721b2c
humanhash: beer-neptune-hydrogen-cardinal
File name: ohshit.sh
Signature: Mirai
File size: 3'784 bytes
First seen: 2025-12-04 06:31:38 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:iD313ax3A3O32B3yE3h3g393e3I3M3T3Ewz:wlqxQ+GBjRQtOY8DUW
TLSH: T1ED717F91D90341741D1B1762EABA23EBF082B3E274EB7B1B358828F5788CF009485DD1
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-04T04:14:00Z UTC
Last seen: 2025-12-04T18:04:00Z UTC
Hits: ~100
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-12-04 06:21:28 UTC
File Type: Text (Shell)
AV detection: 22 of 36 (61.11%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd botnet defense_evasion discovery linux upx
Behaviour:
- Reads runtime system information
- System Network Configuration Discovery
- Writes file to tmp directory
- UPX packed file
- Enumerates running processes
- Writes file to system bin folder
- File and Directory Permissions Modification
- Executes dropped EXE
- Modifies Watchdog functionality
Mirai
Mirai family

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download

Mirai

sh ae6528be474ea7e0a07f30100b64b8b0146b673bd0bafbd200490f0b2155e5fc (this sample)

Comments