MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1a81900952b50b5b213cb44f41d304883045d4a391d04b813ab265f44e4d2cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: d1a81900952b50b5b213cb44f41d304883045d4a391d04b813ab265f44e4d2cc
SHA3-384 hash: 5e6cccc17a776b2e7d7aebdea45b87abd2ecaffc933c8fc7fe842d3c348cf4699da13b9f3427aef1a1949d62b6e36d6f
SHA1 hash: b1dad243b7d2acdf16219c582e76c3cc78f7f72d
MD5 hash: 11445bb8b8e14f541daf7fc91f52f8da
humanhash: eight-salami-arizona-magazine
File name: rondo.sh
Signature: Mirai
File size: 6'892 bytes
First seen: 2025-06-14 14:50:09 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:CRN061IRmR98RGAz++7ZU2fR2L7zjOlLHaPCk5dzIWCcFTlH:qNxH
TLSH: T169E10ACEACC199D5A08E090671CAC77DBD25C19D31A2EEFEE466843AD0B5700706CFD6
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL / Malware sample (SHA256 hash) / Signature / Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: [process graph: /usr/bin/sudo (pid 5196) execve -> /tmp/sample.bin (pid 5197)]
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-06-14 15:01:33 UTC
File Type: Text (Shell)
AV detection: 6 of 23 (26.09%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d1a81900952b50b5b213cb44f41d304883045d4a391d04b813ab265f44e4d2cc

(this sample)

  
Delivery method
Distributed via web download

Comments