MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c86247a6f0565194bcb0f2864ead389d543b10e23eaf2a59d8f652bb84414219. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	c86247a6f0565194bcb0f2864ead389d543b10e23eaf2a59d8f652bb84414219
SHA3-384 hash:	9b0e27e33b63e378c1608b5412d87fd5f147174b0fb54b2a7f5bef95176e7d72dfb5da102471c0ffa9f6888b6f28e0d6
SHA1 hash:	d0c903f7e8d039e02e60203f7f59746b3c75aa49
MD5 hash:	0a3d64e0b51b62f2ed11ccde02463b96
humanhash:	cola-emma-magazine-happy
File name:	mass
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'953 bytes
First seen:	2025-09-27 04:37:19 UTC
Last seen:	2025-09-27 06:48:11 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:pXISnfgcB7MEgrS8bDgdq4NlgqT1Y1igBATaxgagUdLEsgAP9wYgrGDgbDgMf9c2:pXISnfgcB7MEgrS8bDgdq4NlgqT1aiga
TLSH	T11C4100DA7C101913130DFE8CA3B2C469A05E84DDA78A21E8B6A55EAD9D4C70E7970F4C
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://94.154.35.154/powerpc.urbotnetisass	09a18ca51af0504d1de3691d6a5c290d3e2c1a6c98043957b8518267a3bb12ed	Mirai	elf geofenced mirai ua-wget USA
http://94.154.35.154/mips.urbotnetisass	b18659cad3db34b8d2d82ad5786c5696454ce7dd79e4de554f3da84f8f9d2aa0	Mirai	elf geofenced mirai ua-wget USA
http://94.154.35.154/mipsel.urbotnetisass	9b01970e468137eceb8f401e6f20a643826cb19b724a73de07c5d4abee718237	Mirai	elf geofenced mirai ua-wget USA
http://94.154.35.154/arm.urbotnetisass	a28ba2c86793fdc59244babe507f419e4cfa658bd61a5dd178ae090a5e795984	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm5.urbotnetisass	98b0356eb57747abf0f7aa3aac9c5ebee23164227fcbdf7a6e2984647b207334	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm6.urbotnetisass	4080cdfcf00475b9709de913f4fadccb5e43164702fa9c8247cc4927982eb9b0	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/arm7.urbotnetisass	483994d47c07d3cc14da050b1c6db9167bb9eef388a33aad5b3910ece49a830c	Mirai	arm elf geofenced mirai ua-wget USA
http://94.154.35.154/sparc.urbotnetisass	n/a	n/a	elf ua-wget
http://94.154.35.154/m68k.urbotnetisass	f4946b27267c603871ff2a00cfce51e49993eb1528240d4d028030f119bab328	Mirai	elf geofenced mirai ua-wget USA
http://94.154.35.154/sh4.urbotnetisass	89936f49e50a14f7c17b9ed52f01677b1cba93ff5d631fff8675a5eb68c7ceb2	Mirai	elf geofenced mirai ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-09-27T01:46:00Z UTC

Last seen:

2025-09-27T01:46:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/c86247a6f0565194bcb0f2864ead389d543b10e23eaf2a59d8f652bb84414219/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/c182aa41-e3df-4008-a10a-70ec3db88340

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/c86247a6f0565194bcb0f2864ead389d543b10e23eaf2a59d8f652bb84414219

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c86247a6f0565194bcb0f2864ead389d543b10e23eaf2a59d8f652bb84414219/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/c86247a6f0565194bcb0f2864ead389d543b10e23eaf2a59d8f652bb84414219

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-09-27 04:38:35 UTC

File Type:

Text (Shell)

AV detection:

15 of 24 (62.50%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zbrepjxqkzizjpfq6kde5ljytvkdwehch2xsuwoy6zjlxbcbiimq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250927-e82jmsxry9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c86247a6f0565194bcb0f2864ead389d543b10e23eaf2a59d8f652bb84414219

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.