MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff44e57e12ee485b6b019a04c26a911abdeb8bec629629db93acc0660f58aae5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: ff44e57e12ee485b6b019a04c26a911abdeb8bec629629db93acc0660f58aae5
SHA3-384 hash: 1edac02c430b35f4e0b9f18dbfb8c81b19d1ebb747dfac66bb76b52d14939ca6c04143994443c6e8a9fd4255d9d49937
SHA1 hash: 681080e18037723440720885ddae30f79dd1726e
MD5 hash: 17b6b840a243d44a9b9f66efc9a26c30
humanhash: south-sweet-earth-maine
File name: 1.sh
Signature: Mirai
File size: 3'360 bytes
First seen: 2025-11-30 11:18:46 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 96:/x7m7D7e7b7VxvatUAxg3gSkgMjxfq9Ewx9Mza+x797M7z7a7+xwRQdJJx2zOrlx:VkHMPE5y3Ywh
TLSH T1A061F6C6825C0F382C32DA97E37681683195858198EBBF92EDD8EBE0025FD387502773
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh
URL / Malware sample (SHA256 hash) / Signature / Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Result
Gathering data
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-30T03:38:00Z UTC
Last seen: 2025-11-30T03:56:00Z UTC
Hits: ~10
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-30 09:45:27 UTC
File Type: Text (Shell)
AV detection: 20 of 36 (55.56%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ff44e57e12ee485b6b019a04c26a911abdeb8bec629629db93acc0660f58aae5

(this sample)

Delivery method: Distributed via web download
