MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00413aa0804c39fa6accb38c922b0cea7448b89b186fc5d6d8d117cd4f9536e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 00413aa0804c39fa6accb38c922b0cea7448b89b186fc5d6d8d117cd4f9536e6
SHA3-384 hash: 2c8ef8db7af2f116c8540eab7129e9d341fff891a74c580bbf1fa8951505b473f67d433af64d27321272bdeaf5ee6c69
SHA1 hash: 497958d90b23e8d5f48d0c35f9a602c4e9e16429
MD5 hash: cdd31e7e86dc24907dec92e0d764bfeb
humanhash: steak-single-lithium-tango
File name: ssh.sh
Signature: Mirai
File size: 2'910 bytes
First seen: 2024-12-27 09:46:24 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:o8zMbvvC67Y2BCKE2t9zmsjTd8zMb6Kn6ez2BCKj2I9eFs2Tp:o8zMbvvC67XE2Tzjfd8zMb6Kn6eSj2+4
TLSH: T10F51225EEBA230A9CF59CF17AF6358CDA504A2ED948B8FD5F5E0C92C40A46D4F2E050D
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug evasive lolbin remote

Result
Verdict: MALICIOUS
Threat name: Script-Shell.Trojan.Geninst
Status: Malicious
First seen: 2024-12-27 09:47:05 UTC
File Type: Text (Shell)
AV detection: 13 of 23 (56.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 00413aa0804c39fa6accb38c922b0cea7448b89b186fc5d6d8d117cd4f9536e6

(this sample)

  
Delivery method: Distributed via web download
