MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aed8c23d4e44bf340655fbf46c952138312c89c95b116a756c497615e128e93b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	aed8c23d4e44bf340655fbf46c952138312c89c95b116a756c497615e128e93b
SHA3-384 hash:	eccca44bba52c9c96b525d0334a5e4a7a74818d1e82ad0c094e12bd8965fb16d45512daf054e5c4fa40c1e195a53df21
SHA1 hash:	f81c9b0ef610b299321490d1a1d38d0498b21e1a
MD5 hash:	c36c1e853765e0ec144f0fe178f81609
humanhash:	arizona-romeo-arizona-high
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'529 bytes
First seen:	2025-10-20 04:55:33 UTC
Last seen:	2025-10-20 08:20:30 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:ItcNwNbix0scNbN6Igi8cNSNxl6TncNywNybYkyuewcNHxNH8H26HwHdscNZN079:iuN/sNaH4L0GbXUNiDrLMJJBgDQZ8
TLSH	T17191768608C20A295BF3DF52A3974A15B8E5F2C94EA2CF52B0D7BCB5318EF447883513
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.115.74/golden/deploy0check0spamxnxhaus.x86	0757935c464158bcca6da39ec76e4253ba56bc09803bf0d6669b890ad3599c99	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.mips	5f4af94285cde809fe59f628cdabb749de98975ef7b14662051a77040c3dc148	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.arc	8ea0f34ceea82b1188d8c6feca728b1a5146df08f9a25411e553087914b0685e	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.i468	n/a	n/a	elf ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.i686	161d64f5884f7021d1b5aa57fa98b08f411e35df5778285883f3bf55c256269c	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.x86_64	a58833fc74d4adc92242163a236acfa01c954c4e5fe57f57c1222bd4798649d6	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.mpsl	n/a	n/a	elf ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.arm	78700874563a0533809857c8c5e6c77595bcc81a41a45b28f703b7d5e3ac524d	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.arm5	ae97ab43ee823362be487dd88c353fbec116fec6f8b9f72492c06d1eb6ccd8bb	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.arm6	95ef733e0cb1b888c9d852cbdd7321d720ea0ac4813f4921da89ad48d44fea60	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.arm7	b086b3f127e9df4ba9c71ccf57eb111e85f8b6753286af43bd6458feba0ef6bf	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.ppc	e8ac65cec8b26f20f3676f24df8e2bcaef0d40f939ab4118115626de5291352d	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.spc	77f4582ed32a648651332662f063a2fc4894e1311539d5241be54cfa1a72f447	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.m68k	e71d8cf30af1dce46914dc3c606d0d4a6a7ab92e15a062df1e5c68a9de08bb09	Mirai	elf mirai ua-wget
http://196.251.115.74/golden/deploy0check0spamxnxhaus.sh4	0f37e52de645751fe8a322823b8cf943680afb04d784a43ada3425950838df55	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-10-19T23:16:00Z UTC

Last seen:

2025-10-20T03:06:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/aed8c23d4e44bf340655fbf46c952138312c89c95b116a756c497615e128e93b/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/549635f5-b6db-4c06-9865-4060ee1edabd

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/aed8c23d4e44bf340655fbf46c952138312c89c95b116a756c497615e128e93b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aed8c23d4e44bf340655fbf46c952138312c89c95b116a756c497615e128e93b/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-10-20 04:14:35 UTC

File Type:

Text (Shell)

AV detection:

14 of 24 (58.33%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=v3mmepkois7tibsv7p2gzfjbhayszcojlmiwu5lmjf3blyji5e5q._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/251020-fklzqafp4t/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

UPX packed file

Deletes log files

Enumerates running processes

File and Directory Permissions Modification

Deletes Audit logs

Deletes journal logs

Deletes system logs

Executes dropped EXE

Mirai

Mirai family

Malware Config

C2 Extraction:

network.spamhaussupport.org

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/aed8c23d4e44/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.34

Link:

https://yomi.yoroi.company/submissions/aed8c23d4e44bf340655fbf46c952138312c89c95b116a756c497615e128e93b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.