MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd48fb3dd067a827d6ea8ea03dccb6b9e2d48ff5d014d4ba2e8a7cb32fd25f9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	bd48fb3dd067a827d6ea8ea03dccb6b9e2d48ff5d014d4ba2e8a7cb32fd25f9b
SHA3-384 hash:	018b1e7e5f854c8f3b84955ea45a92293d3f02b300e31a6335ac2c6fb51ca074108b459b562c20aee584192a0c247337
SHA1 hash:	c98cb4aaada58039010800c0a4d6285925db2071
MD5 hash:	420df10085bd16eadb29008de43601b1
humanhash:	asparagus-vermont-undress-gee
File name:	syslogs.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'564 bytes
First seen:	2025-11-29 04:05:41 UTC
Last seen:	2025-12-02 13:28:48 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:iDO8DviD8wD/qDpmDR7qDtitGDaMD5+lLD2uXJDbaD/SDIMxDEIDjl3:ifO9+McBDyLr6OHxdd3
TLSH	T1695190CA12524F316CEED92F77B988883184E5FBB4C6DE24D9DE78AE448DE0DB040646
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://151.242.30.13/bins/x86	37f7a145112264b800b0d92a85bcc3ae6569fd50189e4080a9e13b0292df746c	Mirai	elf geofenced mirai opendir ua-wget USA x86
http://151.242.30.13/bins/mips	49b5d4b51083347f4aef30fb43fb58c9e330a220aa5c399dc3ada968d6a54216	Mirai	elf geofenced mips mirai opendir ua-wget USA
http://151.242.30.13/bins/arc	a24a51b3ea4777475bad5ad18c053d99707d85d0e816278e4a27058a919eb224	Mirai	arc elf geofenced mirai opendir ua-wget USA
http://151.242.30.13/bins/i468	n/a	n/a	elf ua-wget
http://151.242.30.13/bins/i686	51e5d00211eb3a69cd7796e2208a2010aa263ce3490cf19ced71bec279bd303b	Mirai	elf geofenced mirai opendir ua-wget USA x86
http://151.242.30.13/bins/x86_64	2cfe3d9f0100eb65810c632cd830a0ab516ce17a86536dee646ad819776b700a	Mirai	elf geofenced mirai opendir ua-wget USA x86
http://151.242.30.13/bins/mpsl	ce67ce77f0ab2080a75313c92dd557f2779d88d44a7ad532d08cc0be80675e4b	Mirai	elf geofenced mips mirai opendir ua-wget USA
http://151.242.30.13/bins/arm	65ec93db8296b4ae09dd7a92272be5305f2c2ecd32566d73b07ae32eaf991056	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.13/bins/arm5	d4ac7e5c0f78e10f1fe63eb105a7f6c295ac5cc9b1cdc9eddeb2642acc51639e	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.13/bins/arm6	1f984d0ca8c9f8b92d0f34afd449b540206b6634730e2975b309d494bc682e13	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.13/bins/arm7	0a61672a8fa4115cc530b8b7651c20d5e9030af98f99ed92b35cdb6e8fc7c9e2	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.13/bins/ppc	cea109a1388edb5a1829d952637a0d9b37a48d8eee6fed0c2fe7b250085c707f	Mirai	elf geofenced mirai opendir PowerPC ua-wget USA
http://151.242.30.13/bins/spc	07019ea27232f2c0f528115a443e5b61fc45a53b05ccc28f60496ddd8a08b40a	Mirai	elf geofenced mirai opendir sparc ua-wget USA
http://151.242.30.13/bins/m68k	31c7ba1ae705063552f31e6deca1602468cfa6f93ed33e59b89312bb7dd0d8aa	Mirai	elf geofenced m68k mirai opendir ua-wget USA
http://151.242.30.13/bins/sh4	14d4af82d5566a2cd3a4f81aef840a0f5d4c6f62f95eee5d7ae9e838bccabdf3	Mirai	elf geofenced mirai opendir SuperH ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-28T19:38:00Z UTC

Last seen:

2025-11-29T03:53:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/bd48fb3dd067a827d6ea8ea03dccb6b9e2d48ff5d014d4ba2e8a7cb32fd25f9b/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/44e44dd2-a7e7-409e-995f-f025528d2239

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/bd48fb3dd067a827d6ea8ea03dccb6b9e2d48ff5d014d4ba2e8a7cb32fd25f9b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bd48fb3dd067a827d6ea8ea03dccb6b9e2d48ff5d014d4ba2e8a7cb32fd25f9b/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-11-28 22:14:35 UTC

File Type:

Text (Shell)

AV detection:

22 of 38 (57.89%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xvepwpoqm6ucpvxkr2qd3tfwxhrnjd7v2aknjororj6lgl6sl6nq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm defense_evasion discovery linux

Link:

https://tria.ge/reports/251129-en83zszrdz/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

File and Directory Permissions Modification

Executes dropped EXE

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/bd48fb3dd067/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.42

Link:

https://yomi.yoroi.company/submissions/bd48fb3dd067a827d6ea8ea03dccb6b9e2d48ff5d014d4ba2e8a7cb32fd25f9b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.