MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f682cc9cc16ec1df8121c61faa266405ae67b377224ecbb295eee7d1b4fb2f2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	f682cc9cc16ec1df8121c61faa266405ae67b377224ecbb295eee7d1b4fb2f2b
SHA3-384 hash:	114cb9d88355ba4822c0a83a805a06d87117c674b6280d4c13534dafd9be9bc1d2d7dc639db93412191dc6a3551e500c
SHA1 hash:	86f37b247e4d1d454a0c418f45827d5215cde2b7
MD5 hash:	b1137f24526842a8f378522eabab959c
humanhash:	muppet-mountain-blue-apart
File name:	1.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	3'314 bytes
First seen:	2025-10-03 05:35:40 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:ItwtEtbZswt3tsbhwt2t9kwtLtglfwtdtamswt1tyTwtQptQGgJwtMtj6wtNtqnn:iohuxXzvs18HLCJBpCNKBgJspk
TLSH	T14B616EF703424F779CEB89D732A888446144A4AB68CE9F75DBDD24A81ECCECA7C45641
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://151.242.30.16/00101010101001/morte.x86	92d69c7546249a3195233a2b73f4bb30ea88bd2827d4c110398b1e941e56dbb8	Mirai	elf geofenced mirai opendir ua-wget USA x86
http://151.242.30.16/00101010101001/morte.mips	93f5237da0a31e68e9329282d64a46434b4248cb6b3012a1585c0f72a8bcfcd5	Mirai	elf geofenced mips mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.arc	8ea12d1456993834e828c565cc19065d411401378a6c98b98c73d18680686017	Mirai	arc elf geofenced mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.i468	n/a	n/a	elf ua-wget
http://151.242.30.16/00101010101001/morte.i686	fc990589d1f85aaed8a231b1e7b48a121aa1c6a1eb19eb4843a6c13d376d992c	Mirai	elf geofenced mirai opendir ua-wget USA x86
http://151.242.30.16/00101010101001/morte.x86_64	c3e1d20599df336815a735e7b0dfb30c365393aa981875d8a607dc20b5a06be2	Mirai	elf geofenced mirai opendir ua-wget USA x86
http://151.242.30.16/00101010101001/morte.mpsl	n/a	n/a	elf geofenced mips mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.arm	1ea88b28b54a4454882dbe3565215e39dbea43229a630885e0432ee243f46324	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.arm5	45d8bd8c375305921de509f4724914162b1dfb209617d24a6d87b8eecd6ffa0b	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.arm6	d1da191ce2dabc7519c8eef07fb246354d23117c67430437506fe2062cee9e84	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.arm7	0f3829f85ac77d1b9e15cbac4fc01afd3e5c5b114c247245029b1ad29c478f3a	Mirai	arm elf geofenced mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.ppc	c758b10c61c61d14d4fc1fdeca89e71109db4352307b66a445941e6c2ea91008	Mirai	elf geofenced mirai opendir PowerPC ua-wget USA
http://151.242.30.16/00101010101001/morte.spc	99b49622032cec0dc901aaaa7fe74bbe467cc4224b3cf3d1e6c2e667df27b7c2	Mirai	elf geofenced mirai opendir sparc ua-wget USA
http://151.242.30.16/00101010101001/morte.m68k	bee9c25fe35b4a590540518d411e378026856c6e3af5c03cdc37e7b1d919b017	Mirai	elf geofenced m68k mirai opendir ua-wget USA
http://151.242.30.16/00101010101001/morte.sh4	7a3a20e1b1341eb8cb77856de47cc177e6ae61345a19359fa6173ab1f30444ba	Mirai	elf geofenced mirai opendir SuperH ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-10-02T18:18:00Z UTC

Last seen:

2025-10-03T10:29:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/f682cc9cc16ec1df8121c61faa266405ae67b377224ecbb295eee7d1b4fb2f2b/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/8f9f6002-67d2-46aa-b0d1-dd428ffb6047

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/f682cc9cc16ec1df8121c61faa266405ae67b377224ecbb295eee7d1b4fb2f2b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f682cc9cc16ec1df8121c61faa266405ae67b377224ecbb295eee7d1b4fb2f2b/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2025-10-03 00:28:05 UTC

File Type:

Text (Shell)

AV detection:

23 of 38 (60.53%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=62bmzhgbn3a57ajbyyp2ujteawxgpm3xejhmxmuv53t5dnh3f4vq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux upx

Link:

https://tria.ge/reports/251003-gchg1asq16/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

UPX packed file

Enumerates running processes

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/f682cc9cc16e/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.39

Link:

https://yomi.yoroi.company/submissions/f682cc9cc16ec1df8121c61faa266405ae67b377224ecbb295eee7d1b4fb2f2b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.