MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02dd4c1e806a307797c96fa87b7f3f3079a7b367fb57ef7bdd1ac57be815d13b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 02dd4c1e806a307797c96fa87b7f3f3079a7b367fb57ef7bdd1ac57be815d13b
SHA3-384 hash: 45024656716f8f38f6838db01cbe2bf200801fc2344c73754be023d416d71b1c611154e6257fff235dc55970dab7d18a
SHA1 hash: 0b49a0dacc1325e04b8c9642973d9e5542ca03c4
MD5 hash: 879e65e87627b1943893fbd8f80d4434
humanhash: cardinal-montana-delta-jupiter
File name: c.sh
Signature: Mirai
File size: 910 bytes
First seen: 2025-02-06 15:51:51 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3KQHNQLOQnNIqnQuKx0QZQkQJ/QEQV1x6QaQQtbQ/HR:oQHNQLOQnnQuS0QZQkQJ/QEQN6QaQQlY
TLSH: T15411CECD90D9E0C2192DCDDA715DDC0D6250A7D8B4BD5735FDB58C32409A2023064BBB
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: downloader trojan agent

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash lolbin remote

Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2025-02-06 15:52:19 UTC
File Type: Text
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 02dd4c1e806a307797c96fa87b7f3f3079a7b367fb57ef7bdd1ac57be815d13b

(this sample)

Delivery method: Distributed via web download

Comments