MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash:	e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc
SHA3-384 hash:	e8b0d161be905cd36cbd879d174a3cbee245005430fb0b96ce1704afda8adda76195adc97438fd2a28d650fee7eab090
SHA1 hash:	45929662d5178e3d11f86db2f872483f0df857b8
MD5 hash:	c69c3692890c281dd44aceedeb85d613
humanhash:	solar-september-crazy-green
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'104 bytes
First seen:	2025-10-05 02:04:50 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	96:i4I749uM4Wr45t4fF4Xp48r4gQg4vVL4+34pR4HN4uj4sz4LkB:IUX
TLSH	T16B51368501728231AE55CFE3E2EB88583387A0D6BADA5FC794E978F4424DF54A8417B3
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://196.251.116.246/renji/renji.x86	3b8b3166046f6310c6ff7e99e7a3766ec3f516f077fc6d535ccf33f1b3346bc9	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.mips	78efee6f5bb1e4d6c63cf1d0cc3995f7d0d7bbbef2a57bdeb3fadfd540da1406	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.arc	b2669b17e9b6f3344abe99990ac485f1a9b4f011bf4c23c42ca29b661c9cc8d7	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.i468	n/a	n/a	elf ua-wget
http://196.251.116.246/renji/renji.i686	a6a3fb6b321c100947d2e47c153539481ddb9687f2f9acb2b80452c22f9a42ba	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.x86_64	e41b7dcdc2b1890ab60902d7c59b04c55517de3d702f8e5e8b00984fe6c4721f	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.mpsl	f72e24eca09cb6c5163722c1cade919e29d999be2e728165a9aa2ad500d2c518	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.arm	fa37a402046a41c935e53266abc74cb7d6420348c2c72b845f0f02a8cd0e9c19	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.arm5	427a0c4baf1949ff74507734759fa55a2b20aed895f11e2c4ad014a7300121b8	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.arm6	005af579f5e913be2474eda75d957906973487bfc3f7d009043bfd4544e22ad8	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.arm7	2f132310ed9eb143c1006fc6a22161deae113f3b9d1c037386007622708ec521	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.ppc	31972bc808e9f06a2bacb1c194e25e810590fbd52fef4cd0305740e240ca4d48	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.spc	cc0918dbb2a3d0ec79d31287892b365ffb3cc812e5300cccec3cac5832f65e70	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.m68k	3a006c800aa1f1e5b9584b38e60a13c8f3fcdc6ca55ef8ec5670412d7fa6a8c3	Mirai	elf mirai ua-wget
http://196.251.116.246/renji/renji.sh4	2e5116d89acf9f1d1c20ac896bfe6280e4c5e4dd6044ad5e94bc10310a35e667	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-10-05T00:11:00Z UTC

Last seen:

2025-10-06T22:39:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/1fd50225-3ad8-41df-94ef-3e38cad8a51e

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-10-05 02:12:21 UTC

File Type:

Text (Shell)

AV detection:

16 of 24 (66.67%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5gw7wdwgar3mxqkh2uucrrzco4g65wn4jlenb6njdtnvyvesn3ga._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/251005-ch78dstns6/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

UPX packed file

Deletes log files

Enumerates running processes

File and Directory Permissions Modification

Deletes Audit logs

Deletes journal logs

Deletes system logs

Executes dropped EXE

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/e9adfb0ec604/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e9adfb0ec60476cbc147d52828c722770deed9bc4ac8d0f9a91cdb5c54926ecc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.