MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04b3cc12ac3765a967eb79e21080ad1d55a9305312a3efa81efc567f0b8e1023. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	04b3cc12ac3765a967eb79e21080ad1d55a9305312a3efa81efc567f0b8e1023
SHA3-384 hash:	b84a9b6e0b721722b3baeba25c6fb9bfd60265e79d03b317a190566de7b1d18edcb22d84a6865e26dd1baff5569ba061
SHA1 hash:	0184718e02d2dfe2ac6d796ff5ab7828c50af279
MD5 hash:	362fac89ee28b82680279eae98f1c25d
humanhash:	emma-earth-jersey-louisiana
File name:	dvr.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	996 bytes
First seen:	2025-02-16 10:41:45 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:8IEMeeIEMyZlIEMONIIMIEMkKSZIEMoyIEMUl9DIEMo9J8IEMGPIEM+a0IEM6EIT:8IYeI8fIuMICxZISyIo9DIu9iIQPIIjZ
TLSH	T11E1134CE0695D63918F8CD4C30E98C28E539A6C670624BDDAD5D0D3751969787E3BF0C
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://31.171.131.21/main_arm	bd56b0e28161a81b7ecb48c9173e3923ae33b12fcfbdcb7444f3816c18c8c1ef	Mirai	elf mirai
http://31.171.131.21/main_arm5	97744afb839e31ac5bccbd36751e49239bb28f8dc8543e016ad377ee0fd364a7	Mirai	elf mirai ua-wget
http://31.171.131.21/main_arm6	76beab1a2a1362ecb4f09a68480ec83be83b92bb4f325677a75d95f6ab7493ed	Mirai	elf mirai ua-wget
http://31.171.131.21/main_arm7	8583dd8a912a6689b1b6a30662fb9756a4191d3a42dbf73761dcb9b9ef15f04f	Mirai	elf mirai
http://31.171.131.21/main_m68k	765d2fcd868547d56ca65d1a1607dbd716846ade55a21763c1ba27d6095d4c2f	Mirai	elf mirai ua-wget
http://31.171.131.21/main_mips	93c6360339aed0489885e7ffb51f591258b8f1b62b69a063c285197cd4d9b2a9	Mirai	elf mirai ua-wget
http://31.171.131.21/main_mpsl	c91a88f2fae16832f27cdd29511afa98b9bb4097f073a495911e577d2b147122	Mirai	elf mirai ua-wget
http://31.171.131.21/main_ppc	71f26983cea8a321439fdb2413590211a2c0d34e961550f898981e7f3aec1570	Mirai	elf mirai ua-wget
http://31.171.131.21/main_sh4	d844fb6df57d4339e1d970d417b21b422466e64e0ed1c6d586d9d11ad093f151	Mirai	elf mirai ua-wget
http://31.171.131.21/main_spc	8b5ba26f0af7ae78f47f4167fce756a8905ac120193691062c230fdcf86da5bd	Mirai	censys elf mirai
http://31.171.131.21/main_x86	62957dcecfdaa90da9e4d31191222a66efd760119b6b400f70fb34792692d038	Mirai	elf mirai ua-wget
http://31.171.131.21/main_x86_64	a853b33870af369731f0a26bc1cf2fa2268e4e6e6a0ae21cbc112239f59a1c25	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67b1c1c428ab76d43a5b3266linux22vpnfull_triage

Tags:

bashlite gafgyt mirai

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

bash lolbin mirai remote

Link:

https://www.filescan.io/uploads/67b1c108991985e0a959c6d9/reports/596ebada-45f5-4554-bee9-95699f763bc2/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/04b3cc12ac3765a967eb79e21080ad1d55a9305312a3efa81efc567f0b8e1023

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/04b3cc12ac3765a967eb79e21080ad1d55a9305312a3efa81efc567f0b8e1023/

Threat name:

Script-Shell.Downloader.Heuristic

Status:

Malicious

First seen:

2025-02-16 10:42:16 UTC

File Type:

Text (Shell)

AV detection:

12 of 37 (32.43%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=asz4yevmg5s2sz7lphrbbafndvk2smctckr67ka67rlh6c4ocarq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery

Link:

https://tria.ge/reports/250216-mrrbcasqcr/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/04b3cc12ac3765a967eb79e21080ad1d55a9305312a3efa81efc567f0b8e1023

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 04b3cc12ac3765a967eb79e21080ad1d55a9305312a3efa81efc567f0b8e1023

(this sample)

Mirai

elf bd56b0e28161a81b7ecb48c9173e3923ae33b12fcfbdcb7444f3816c18c8c1ef

URLhaus

https://urlhaus.abuse.ch/url/3441560/

Delivery method

Distributed via web download

Dropping

MD5 c6edcb298e7732b81b54bac412d0bc6c

Dropping

SHA256 bd56b0e28161a81b7ecb48c9173e3923ae33b12fcfbdcb7444f3816c18c8c1ef

URLhaus

https://urlhaus.abuse.ch/url/3441772/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample