MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6efbd95db7cf4202dcdcf473ded3bedede2c922525045c711ee3f24d886aafb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: f6efbd95db7cf4202dcdcf473ded3bedede2c922525045c711ee3f24d886aafb
SHA3-384 hash: 6c1cdc3c000765ac9122bb396f80bb0e3a18eddcbcbe573c1bcbf5542c6234ab0044bc90a1de7cf10de04e0ff9b88cfa
SHA1 hash: f238ab5f857d945295b946dc2413aa9ff295ff3b
MD5 hash: d57b86176a74bbadda703125b1b1b379
humanhash: fanta-jupiter-indigo-venus
File name: run.sh
Signature: Mirai
File size: 2'815 bytes
First seen: 2025-11-20 08:57:43 UTC
Last seen: 2025-11-20 16:55:46 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:/gbU9ETEra/qVUrLA7V4EUAtYzJMH8gGvkmkQYt2JkP45:/gbU9EEBQe4EUAmzJMH8gGvkmkQYt2JD
TLSH: T155517FA511524F3D7CF29A2FB2AD0409B1F395AB60E7DF149CD834A6618ED743C02E5E
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai, sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash busybox evasive lolbin mirai
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-20T06:37:00Z UTC
Last seen: 2025-11-21T23:02:00Z UTC
Hits: ~100
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-20 08:55:20 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f6efbd95db7cf4202dcdcf473ded3bedede2c922525045c711ee3f24d886aafb (this sample)
