MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff4e608ff00fdfe37028336c67603554b360c697600cef6d6a6fac52af56d30f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 8

SHA256 hash: ff4e608ff00fdfe37028336c67603554b360c697600cef6d6a6fac52af56d30f
SHA3-384 hash: 8405322bcb8a5b03a7f96bd8e0a10a43663dc88c261a5cf5283b389fca45d5ca601e9b48a62ee978675d3f45e1194903
SHA1 hash: caef5bf261d89a21618d9ea7636d3a0a31346db5
MD5 hash: 5d02d3f5ac7a5ec1984e3fbedd2de2ac
humanhash: nitrogen-idaho-juliet-thirteen
File name: 1.sh
Signature: Mirai
File size: 4'517 bytes
First seen: 2025-10-06 23:35:11 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:YeMM2MMw3eMMbMMWeMMEMMUeMMHMMWeMMNMMd0eMMVMMyeMMKMMgeMM+MMceMMNA:vMM2MMLMMbMM9MMEMMzMMHMM9MMNMM94
TLSH: T1809107B9F0818636DADFC7B731A6404AA18156E765DA1F8C87FE25E92C4CFCCAD80D41
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
IOCs

URL | Malware sample (SHA256 hash) | Signature | Tags
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.x86 | ccc6687d55dfeadf98b084e5793ea4d701bbaba59a7486532b1f548f6360112b | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.mips | e5418d13a80d3d12aa6defc35ee83d93548730d86ff298739a33b2e5be0a2356 | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.arc | 36f916270f34cdf9dca6eca1839f453dbc72ec09c5e5b183e0f2be662b901cf0 | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.i468 | n/a | n/a | elf ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.i686 | 5d125863cda9a3413fb4fafb9663b9f7af06d2df1e403939b424aeed7f7fe3ac | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.x86_64 | 181772d1375e7c40c29e78937c2d8baa04810db808adf2814a4295e60810efaa | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.mpsl | 3710c2270c07a02df0c2a8e2582b2142ca5384d7cf102474bedd9137b00362d1 | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.arm | c8295c8b5be86dbda4da6c0df624eeb7190ef156e5a3b6264923d02a53d7a3c2 | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.arm5 | 87b2e84ad84e8bc204b6be5483d78855af000e999f0b63c47c86566963c55dcc | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.arm6 | 9db960ba3c7049755dba3ad900f4f4709795cc090cf1ed2e6be1cfb1db713ede | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.arm7 | 98177fbf9d8537b709dd37dbc170f97085bd809fc400298fee0dd8f489375cd9 | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.ppc | d4372744acf13969afac12150781b853ebd19f0a01447816763fe3949e351b74 | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.spc | 3850533162a9a2790f751d0ffdec398b8329237663bf5463ecf9f695d09a7c7c | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.m68k | 934fe47ae1664567345559c342eba464aa377c1bdd50d728ba070f9343c7fc30 | Mirai | elf mirai ua-wget
http://194.26.192.247/001010101010010110101011101010101101010111010101/Labello.sh4 | ef33efbfbe671d27b31f2df01219e68f2e3bfcd66956a9fd8b9a8151a9b75d50 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
File Type: unix shell
First seen: 2025-10-06T20:51:00Z UTC
Last seen: 2025-10-08T10:13:00Z UTC
Hits: ~10
Threat name: Linux.Downloader.Medusa

Status: Malicious
First seen: 2025-10-06 23:35:54 UTC
File Type: Text (Shell)
AV detection: 20 of 38 (52.63%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour:
  Reads runtime system information
  System Network Configuration Discovery
  Writes file to tmp directory
  Changes its process name
  Checks CPU configuration
  UPX packed file
  Deletes log files
  Enumerates running processes
  File and Directory Permissions Modification
  Deletes Audit logs
  Deletes journal logs
  Deletes system logs
  Executes dropped EXE
  Mirai
  Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Web download: Mirai, sh, ff4e608ff00fdfe37028336c67603554b360c697600cef6d6a6fac52af56d30f (this sample)

Delivery method: Distributed via web download

Comments