MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea25a8c3e8c0e855b962d0d375e3ac37280538c4eb4aceb804cd0fcfd9c2034e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: ea25a8c3e8c0e855b962d0d375e3ac37280538c4eb4aceb804cd0fcfd9c2034e
SHA3-384 hash: 3c86168ef3f0777dbd23fa4cb89778b62a7ef47c5e8db59e779166b77c085c7d23700c32a67471e923694db729959275
SHA1 hash: f6cb72e3326e16e5225aee7fabbe6b88b5c6cf49
MD5 hash: 58af6fd627904a168ca8a1206e322afe
humanhash: delaware-stream-apart-hotel
File name: cayosinbins.sh
Signature: Mirai
File size: 1'672 bytes
First seen: 2025-04-08 09:07:20 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:1p4lp4Rpk4EpUJp0pop7UpHcpHcpy3p0pkrp7:1GlGRa4ESJey1U1c1ciOiB
TLSH: T14531BECA21E15EB0ECB4F9273668C80075C6E5C75ACB2F456EDC38E984DDE08B002B93
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: trojan mirai agent virus

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-04-08 08:59:38 UTC
File Type: Text (Shell)
AV detection: 21 of 36 (58.33%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
