MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d58013ec3f55dd6b18d59a2eaee4b70f0dba608a7fc07ad8cd135bde54dfdc17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	d58013ec3f55dd6b18d59a2eaee4b70f0dba608a7fc07ad8cd135bde54dfdc17
SHA3-384 hash:	81adcca95f5ca2b04a75d82021a51fae1b64701a69367f0ebcf389a22badeccb4434886cc5772535deb5258934163442
SHA1 hash:	6ed49b56dadb306b57324b591e77f0fe3fe9191b
MD5 hash:	499e2a79d4ebcf392331b9d9844d44b7
humanhash:	lamp-minnesota-equal-bulldog
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'959 bytes
First seen:	2025-08-07 08:19:13 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:iXAhmlXqnElXPCXlXzePlXaeazvZlXasaFvjlX9NU9z4gelXujclX/SvlXjejzqE:iSmlKElqXlaPlKfzvZlKxFvjltoz4ZlV
TLSH	T198516EC702514A312EA7BE23FEB98F7C358155D21CE1BF0465DD78A5528CE88F06AA4B
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://103.67.244.57/hiddenbin/Space.arc	f5c26797b96f03c0fc22ca06f7630c4fdc2aa1c09721662c02ff7a9bf803fe07	Mirai	elf geofenced mirai opendir ua-wget USA
http://103.67.244.57/hiddenbin/Space.x86	f00e344d0c4530bbcaabdc5b1d15cabe0572a550fd21302589724665a45128b4	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.x86_64	d31f069ada96d16d05e7ad3f2996bf395c8f665d283bb57755f93c71078069dc	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.i686	10e34ed179fdbfa963054766c49e534a77ddcb84abef5b17d5e83531013c0b36	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.mips	6543ec98c16b9c1519e71dd3ffaab0076ec848ff3f785b822945da81dfbd1806	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.mips64	n/a	n/a	elf geofenced ua-wget USA
http://103.67.244.57/hiddenbin/Space.mpsl	24da29d761fd956f8466907b9e8550d1a9a149947bae74b16d25a4021014a7f7	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.arm	1d7f44d4b8d5625cc8231d44111847b5693e80c9ec2c76b37f5090d6d04e1b73	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.arm5	7ca7d501bc0a8eda40d8746b0ac21a2ba38c7062cb81fe6e1007ded8839565bf	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.arm6	9ee881504b8d2f0ae4ad14a8269436eec02b95d2e5260b432e1b122bc5879c7f	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.arm7	22df6da06dac3e8ecd9057cc266cddbfaf2741dd188a5a84e75b7da40afff733	Mirai	elf geofenced mirai opendir ua-wget USA
http://103.67.244.57/hiddenbin/Space.ppc	feb60454b038a8cb1918dd40e599d8163d3986194c17933ef56d27a3cb708544	Mirai	elf mirai ua-wget
http://103.67.244.57/hiddenbin/Space.sparc	n/a	n/a	elf geofenced ua-wget USA
http://103.67.244.57/hiddenbin/Space.m68k	d4bbd809ebc42a56c1710da9cfffb8cf566ce90b9e7a294b2314e8c2f4a1196f	Mirai	elf geofenced mirai opendir ua-wget USA
http://103.67.244.57/hiddenbin/Space.sh4	9a9a03da6c7d9e83ddf8d4fcc7a99a8a63622b37f94d6151bcdb79789c9a21d5	Mirai	elf geofenced mirai opendir ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/102ff896-0fdd-4259-b258-0488acad3111

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/d58013ec3f55dd6b18d59a2eaee4b70f0dba608a7fc07ad8cd135bde54dfdc17

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d58013ec3f55dd6b18d59a2eaee4b70f0dba608a7fc07ad8cd135bde54dfdc17/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/d58013ec3f55dd6b18d59a2eaee4b70f0dba608a7fc07ad8cd135bde54dfdc17

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-08-07 08:20:59 UTC

File Type:

Text (Shell)

AV detection:

23 of 37 (62.16%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2wabh3b7kxowwggvtixk5zfxb4g3uyekp7ahvwgncnn54vg73qlq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/250807-j8ky4sem5s/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/d58013ec3f55/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/d58013ec3f55dd6b18d59a2eaee4b70f0dba608a7fc07ad8cd135bde54dfdc17

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.