MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138
SHA3-384 hash:	26c7e0121530d74f7ab4d8578f0d63ab740a4a87e21d3f0c29de146c765ce3119124446cb40eaa2eeef806371d383618
SHA1 hash:	a9a6419de5fd618f88dce1b7d3cdec1be36d7ac1
MD5 hash:	b58ba07be8303485152b51892a899f05
humanhash:	fillet-early-comet-comet
File name:	q
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'905 bytes
First seen:	2025-12-15 00:53:35 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	48:1tLXBLLsLHZdLhGLjwqLSDLpXpr4xRbN/SjZh10fwgWHdXok1Z8rwuQXORsmY3LL:1x16HjuccYpXCR5Kj7mIgYdXzllXeZuh
TLSH	T1F5A115D9BCB15777CEF09E2DF6A54A7B2081E294AC76DF94E41D30BCB4ABD44B200905
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://158.94.208.162/z/89/mips	1ef86f38b7e44a7511f09e4bec9a1da105e70db6d522467ac14b4ea42df632c9	Mirai	elf mirai ua-wget
http://158.94.208.162/z/89/mpsl	b3af651dbf2ffce881ed5539fcb7a3371f94f301eb4f7ac757d6aba63e5e1038	Mirai	elf mirai ua-wget
http://158.94.208.162/z/89/x86_64	9c033cf8304f0ed83cbba11c153b4fa29d766a90e57b1e8b715b9d25ef05ed76	Mirai	elf mirai ua-wget
http://158.94.208.162/z/89/arm4	n/a	n/a	elf ua-wget
http://158.94.208.162/z/89/arm5	71ecf29f0548ecb0051046067bf46b3966c596a554bde739db08900b38198918	Mirai	elf mirai ua-wget
http://158.94.208.162/z/89/arm6	28d8a15cfb38b9e56722fac60e7b53c84f53fcd678a62f67e82312be67b88bd7	Mirai	elf mirai ua-wget
http://158.94.208.162/z/89/arm7	8730e029d0f40e909494760198bd41b3a6aa44843a8968910cff20dea0fc35ca	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

38

Origin country :

DE

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox medusa mirai

Link:

https://www.filescan.io/uploads/693fb6b9cf690d27f3dfba5e/reports/96783fe8-8107-4746-936d-0d63467152b8/overview

Verdict:

Malicious

Labled as:

Linux/TrojanDownloader.SH

Link:

https://www.hybrid-analysis.com/sample/bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138

Verdict:

Malicious

File Type:

text

First seen:

2025-12-14T16:55:00Z UTC

Last seen:

2025-12-16T08:34:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/03b5e135-336b-4be8-a947-296cf0464c19

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-12-15 01:21:16 UTC

File Type:

Text (Shell)

AV detection:

12 of 23 (52.17%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xohb7qhoorlgfljged54uh7yjmdxmhfq2hi6iev4jblzzbazwe4a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251223-r7cv4stpas/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh bb8e1fc0ee745662ad2620fbca1ff84b07761cb0d1d1e412bc48579c8419b138

(this sample)

elf b8efd9fc22ee259562c41a184ae8cf9d9228efbd58a20ccd2074476f63ea3c13

URLhaus

https://urlhaus.abuse.ch/url/3732736/

Delivery method

Distributed via web download

Dropping

MD5 7f1f09309771a31ba2b12e132a6398e3

Dropping

SHA256 b8efd9fc22ee259562c41a184ae8cf9d9228efbd58a20ccd2074476f63ea3c13

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample