MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c552ccf532f96584fd9e4923ebcd2bde0f0b8587bf633c05135cee27ebeb79e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: c552ccf532f96584fd9e4923ebcd2bde0f0b8587bf633c05135cee27ebeb79e7
SHA3-384 hash: 9ee5e440d24b97897d34c1301ef223063a16a897fb9127b57ae9797e16d2e304b233cccff55f1baefd1953ebeb66b695
SHA1 hash: 2e609ff5f63459db6191a4e173660d09f1ed200c
MD5 hash: b58907faa64f0f4357281970faa46c5e
humanhash: mars-ten-twenty-blue
File name: 1.sh
Signature: Mirai
File size: 2'623 bytes
First seen: 2025-10-17 06:03:24 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:/pJibpID9Epe0e/a/qVp+hEpGpApsOsxzJpRKHpuRgpD8vpUfmpW5QpT5mtp9GJX:/+bW9ECBaEiA6zJuHqgCvimwQ2tmJAPm
TLSH: T13551908918855B396CFAD82E73B9A408B0F990CB74DB6F16DCDC74E6848ED54BC0079E
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
File Type: unix shell
First seen: 2025-10-17T03:57:00Z UTC
Last seen: 2025-10-17T04:57:00Z UTC
Hits: ~10

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-10-17 06:04:24 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
