MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5c7ad12a5f3c899c77d64dbe6166fe6faa9d969221c08c4bdcd31e83cfc3114. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: c5c7ad12a5f3c899c77d64dbe6166fe6faa9d969221c08c4bdcd31e83cfc3114
SHA3-384 hash: 66d7810441d850a282f2a4b3bdf414d70b9bacd1c1b371e62b8a7970e518a845b2783bee9b6fc73e46737f631f884971
SHA1 hash: cf2f748cd9ce143ba6dce2440909dbdf68dffcc8
MD5 hash: d5ae01edb81016f237c24b28e6997822
humanhash: robert-london-bakerloo-four
File name: 2.sh
Signature: Mirai
File size: 3'270 bytes
First seen: 2025-08-13 07:18:12 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:xjlJXfbu9N3lAfYHUHMGxJ1/HMpSNIpJbMtjuxV1+cGgJV37pa:/1qjqA0HMQJRs166v1+BgJVla
TLSH: T141616BFA23810A336CA7C9F372AA8408B18085DB5DCE1F755BDC2CA56C8CEC83D42652
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-13 07:18:26 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c5c7ad12a5f3c899c77d64dbe6166fe6faa9d969221c08c4bdcd31e83cfc3114

(this sample)

  
Delivery method: Distributed via web download
