MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0c4b995f35b1ddbf6134199e71edce69594d1def5c90fa899eca2c8e8cc4a21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash: d0c4b995f35b1ddbf6134199e71edce69594d1def5c90fa899eca2c8e8cc4a21
SHA3-384 hash: e20a39ffb39780ec32628232d25ce54f71fe2bedeff4f172d1b427baa15e50b650aca973e4f836668f3461aff7bae815
SHA1 hash: 695f772ca46340be958bf48ca6611b964c514f4e
MD5 hash: 2adf570573c859c8409d94b8972d9251
humanhash: green-zebra-muppet-friend
File name:titanjr.sh
Download: download sample
Signature Mirai
File size:3'254 bytes
First seen:2026-07-11 15:21:25 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:Itssm7v+ltsInhc0JgAjCLM858NIG4ksayq037xzv:iBm7mlWohcut+LTJa237Fv
TLSH T169617C85215C2B31AC99DAD632AB403C619790E74FCB5FBD98D828F948CCE1578C36A2
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.154.43.192/titanjr/titanjr.x863a25b82a489e1e0529e1bd2b422199289a205edcc62b8c03aedc05915ffdff1b Miraielf mirai opendir ua-wget x86
http://94.154.43.192/titanjr/titanjr.mipsad6a2d876975f7051eafee1852d0287de8f792c8d64d5d0ffd41b634d391e195 Miraielf mips mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.arc022ecdc03e542dec7f460d92692009bd9dd0fc3ac1eab9593945c84ff0a4fa30 Miraiarc elf mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.i468n/an/aelf ua-wget
http://94.154.43.192/titanjr/titanjr.i686fa7909526294f9a963b87b828c32b336a4ef87c2e7ca8bc81a83da68a6d8cc7d Miraielf mirai opendir ua-wget x86
http://94.154.43.192/titanjr/titanjr.x86_6449a25be22ee766aa66d0ce3a47a26d61a38a7c364a832ef388f1e252bcf35a9e Miraielf mirai opendir ua-wget x86
http://94.154.43.192/titanjr/titanjr.mpsl8072b5b0fe6fc53e9adf018ab1ca3efcdc2c78e2ef1e335a318aec736eb017d3 Miraielf mips mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.armbc44a47d9c38eef76b43a039437f62910bd3a5a9b16012848a21070f19c78af9 Miraiarm elf mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.arm57a4ac2fd1ba4c98850399b64563a87aaafc8499a8d52beb2e957a59e332e40a9 Miraiarm elf mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.arm6bc2ddf63fb0fba2d53bfc11e1f87dd466ad3bea900712eb9ae03f91119b67dfc Miraiarm elf mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.arm7ba3833aaa12a252a4acc72b63c9c2bfd44a73559de3b1d54c87ab52dc8de087f Miraiarm elf mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.ppcdeaf754ff44d89f83ff622b7996592407455c9bd9485249933ee8029162bf190 Miraielf mirai opendir PowerPC ua-wget
http://94.154.43.192/titanjr/titanjr.spc9f66434f98f3fa3e9c36ca3c8e1bf7beb295f567acc70b04e120cf94d182043a Miraielf mirai opendir sparc ua-wget
http://94.154.43.192/titanjr/titanjr.m68k8b35bc886f3c46afe759dad21cd8bbb05b2c360a4a6b6e8bae8a8be334ac012c Miraielf m68k mirai opendir ua-wget
http://94.154.43.192/titanjr/titanjr.sh4a5e1e01bb88ba6e7e9adc99398cd9937e42e612e10d0843542703dbdf758e3f2 Miraielf mirai opendir SuperH ua-wget

Intelligence


File Origin
# of uploads :
1
# of downloads :
61
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Threat name:
Linux.Downloader.Medusa
Status:
Malicious
First seen:
2026-07-11 15:23:44 UTC
File Type:
Text (Shell)
AV detection:
21 of 36 (58.33%)
Threat level:
  3/5
Result
Malware family:
Score:
  10/10
Tags:
family:mirai antivm botnet credential_access defense_evasion discovery execution linux persistence
Behaviour
Command and Scripting Interpreter: Unix Shell
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
Enumerates running processes
Modifies init.d
Modifies rc script
File and Directory Permissions Modification
Family: Mirai
Malware Config
C2 Extraction:
oefjpwefgjujw865.hopto.org
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d0c4b995f35b1ddbf6134199e71edce69594d1def5c90fa899eca2c8e8cc4a21

(this sample)

  
Delivery method
Distributed via web download

Comments