MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae9adb1dcf005b2797708d4a3f26f808dd2afee141e794f45f89360a20d5e3d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	ae9adb1dcf005b2797708d4a3f26f808dd2afee141e794f45f89360a20d5e3d1
SHA3-384 hash:	cba0ff1f376a00dccc02407427b0212e0a27a66f62fb85dff0056294a68e4da84fd46797e426fe83d636d4f3f83fd7de
SHA1 hash:	55c48306da6c4e670fd167c66cf187029bb80fa8
MD5 hash:	dfb7a89636093dba661252bb7edd62d4
humanhash:	failed-sixteen-cup-crazy
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'314 bytes
First seen:	2025-09-25 18:40:44 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:ItZZsvbhRkHlfjmsnTFuGgJF6PnLDYNIpKksHME/hFsDocGgJsV9pk:icdy9rTFu1IvL+JB5eDoBgJsZk
TLSH	T1776184F6234286339CAACED332AE8504754580ABD4CF5FF55BFD24B98C4CEC9AC41652
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.72.82/00101010101001/morte.x86	27ed1e4b1f179555a2c68978b5639802b211d8dae49b65d88a0313e924864d47	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.mips	666767bd28d0fb24ca972246aa73932d71a30ddca5a0f4b6a730eef506305d10	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.arc	fa75437e2e7019dd5e7543aca3dbcf58bf8a86efd50e1a8fb08b877e00dc661a	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.i468	n/a	n/a	elf ua-wget
http://196.251.72.82/00101010101001/morte.i686	313f87e22b3cb8932e9aefbc8743c37e701daf40f5902986b0338ac090240409	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.x86_64	bd7d31ddbc5878f9d635f1ca4aabab67490fbe075ee0d9aa00f0fbca4d3bb209	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.mpsl	68c74f5b9af34b7862d3f2ac9ef6414cfcb58125c78d80d4e3374dacdbcd91da	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.arm	d9ab1253763b1af3f90a6345db9a1eacc9e5bce76d3cc21de177fe6e39b3df11	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.arm5	73bc5ac30bd6862a81ea07096697a459ff2f4e0f22ef5207ba1fa7e890de3f7f	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.arm6	84fa88f488dcac685b9dc425fa13411d9f9cc428fcac9f27f1c919718e1189b5	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.arm7	f38a2852519f14d654ae30f22933bbf9dff308d63ba7d1bf6bb31efd06a08d4a	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.ppc	aad1ec25bc56693cc40828a6f8d4fb5afae9196ed415e7606eaee465d7e5fd4e	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.spc	93fe2714b44b7d85763ffd53134c78bada32da20ca0eebddb1fd6c2570d116b8	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.m68k	d2c8df309b9e28bd66087c9f45b70f788dda3d4988f65642f79c83904394fa72	Mirai	elf mirai ua-wget
http://196.251.72.82/00101010101001/morte.sh4	29edec46b9370fc454f0e2b3b0280a0d49e6c85139b0a2edc46fc75e1829c1f8	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-09-25T15:48:00Z UTC

Last seen:

2025-09-25T15:48:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/ae9adb1dcf005b2797708d4a3f26f808dd2afee141e794f45f89360a20d5e3d1/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/d1e8a16c-9d23-4ac2-becc-aecc8f03d533

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/ae9adb1dcf005b2797708d4a3f26f808dd2afee141e794f45f89360a20d5e3d1

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ae9adb1dcf005b2797708d4a3f26f808dd2afee141e794f45f89360a20d5e3d1/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/ae9adb1dcf005b2797708d4a3f26f808dd2afee141e794f45f89360a20d5e3d1

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-09-25 18:41:42 UTC

File Type:

Text (Shell)

AV detection:

16 of 24 (66.67%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=v2nnwhopabnspf3qrvfd6jxybdosv7xbihtzj5c7re3auigv4piq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250925-xbt3eavtbz/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/ae9adb1dcf00/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ae9adb1dcf005b2797708d4a3f26f808dd2afee141e794f45f89360a20d5e3d1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.