MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b601f0f14716738354c1e8aa079f833f52cef1a0f2dfb4f002b798549cea006d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: b601f0f14716738354c1e8aa079f833f52cef1a0f2dfb4f002b798549cea006d
SHA3-384 hash: 1dc56dbc139c40ad23b5c3f23d84d519612ba7c653f258e09d96553519bc32fab1b3060839ae9776e424b6806661aedf
SHA1 hash: d268681f9ca261641153eff72bd5dec3df57a6dc
MD5 hash: 6e3e70875b174ea5cece61700737f8bc
humanhash: blossom-whiskey-one-illinois
File name: hidden.sh
Signature: Mirai
File size: 2'354 bytes
First seen: 2025-04-11 11:43:29 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 48:vpa/4pVw98pNONjOp27kp3iILpSHcJpxcepFAs3pAV+pEp0pHSKppECpz0z5ai:v04M98qOokEILGmge4CO+Q0UKwCUz
TLSH T1C841F4C52A814339ACF6DA2AB1F58858F0A1D8C7A4CBEF14E5DCBCA5908DC587840BD6
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: medusa agent virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash lolbin mirai remote

Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-04-11 11:44:13 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Traces itself
Mirai
Mirai family
Malware Config
C2 Extraction: main.jojoasmr.xyz
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
