MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb06e8742ca8dabc8f6fae4f6521804be306e917405809aeab2d160f1885791d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: eb06e8742ca8dabc8f6fae4f6521804be306e917405809aeab2d160f1885791d
SHA3-384 hash: 5916a91343b0b3c4e4afbae8523cbe475c4b29b4ef1b8cc9ead65b66d5f61c298718c7122ce90181b41de7b63dfc0c0e
SHA1 hash: a65a0da9eac7730c1310fc0aa4b55b5d6e22c1d1
MD5 hash: 00381a7fb27bfd95a55825a56213183d
humanhash: moon-missouri-one-iowa
File name: ohshit.sh
Signature: Mirai
File size: 2'940 bytes
First seen: 2025-08-20 15:24:51 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:v07V7N7h0q6G0gyzP0aKW0goU07g7o7U0fH3b0l9R08cg0JpV0ySO0W+C0XfT0/i:v07V7N7h0q6G0gyzP0aKW0goU07g7o74
TLSH: T165516B8603164E741D636A73F6F6C7783489E0650DE9EB85E9CCB5E9034EC9837407A3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-08-20 15:20:11 UTC
File Type: Text (Shell)
AV detection: 23 of 36 (63.89%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh eb06e8742ca8dabc8f6fae4f6521804be306e917405809aeab2d160f1885791d

(this sample)

  
Delivery method
Distributed via web download
