MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ef2e486f1bd5b5f26f556ca7aadc73601c59b453d49360fe3c9e0bfd869cbcc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ef2e486f1bd5b5f26f556ca7aadc73601c59b453d49360fe3c9e0bfd869cbcc
SHA3-384 hash: 04d84610732febc112ccc327d18b258a7ade815abe1e53439a8a96a9f0f8467d542d79ed678a1aa7537f7b34f8eb500b
SHA1 hash: 032059fcf14e01bb9637e4b198bc50c817c8a414
MD5 hash: 2c28b2bd48046c540029015da0e1fa4f
humanhash: summer-jersey-grey-seventeen
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:799 bytes
First seen:2025-01-09 06:11:36 UTC
Last seen:2025-01-09 10:06:24 UTC
File type: sh
MIME type:text/plain
ssdeep 24:Wr/tQIn0RNIyxNt2OKUi+DzZlBluV/NZdZX1y:q6UircOzZzgBNrp1y
TLSH T1E001ADCF2D6565450C80DD8935614C409C06FEEBD496CB4FF5C88E395AD8B14B125F9B
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://79.124.60.186/bins/res.arm368d9c9d203dc9e6047e7f00c6c92cfdbb845348bc7516dfd0569ed3cda16f1c Miraielf mirai opendir
http://79.124.60.186/bins/res.arm5b893ec14f82f0111a82adb81c4ff326af075a594f9ed4443eb0de2346ef03aaf Miraielf mirai opendir
http://79.124.60.186/bins/res.arm6eff81e483d964da558eb9214e743b85ea4b4cd8f0c24f4c0c1638f8f6bb557bc Miraielf mirai opendir
http://79.124.60.186/bins/res.arm7c74dde32c0a93bb5ec5cc8457d88e9d3d4d4eeb83343c573e7d6b3669d695621 Miraielf mirai opendir
http://79.124.60.186/bins/res.sh483f662eb487b31559891eeaea6dd0c1ffa41cb0aa95aef6c202cc64c7e4ee7d8 Miraielf mirai opendir
http://79.124.60.186/bins/res.arcbf99d3657d63527df883f84094abd43f1b1e86583df631b06a3b47ba920066e8 Miraielf mirai opendir
http://79.124.60.186/bins/res.mips35a176fd312afaacdf56f8f53a2a4e4ecc83d737278744d0d0a9c057ddd602bc Miraielf mirai opendir
http://79.124.60.186/bins/res.mpslee2fa2c8dd0670fca4e137cbb60675dcdc6148f799644667377273bb1e7d1ab4 Miraielf mirai opendir
http://79.124.60.186/bins/res.spc6d28dc487c2cee5e779f0bfd8430b96f282ec1473eac0dcc529fbbb7b43ba6bf Miraielf mirai opendir
http://79.124.60.186/bins/res.x862d8fea0d43cdd0c083cf4d94267390fb91e82fc95af76865051f6d1d1214424e Mirai32-bit elf mirai x86-32

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=677f6977c029bd73f287c92clinux22vpnfull_triage
Tags:
downloader agent overt
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug packed
Link:
https://www.filescan.io/uploads/677f68b5c2f29c0c6d88903c/reports/884f9345-192c-4810-9aa2-3b37df348600/overview
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/0ef2e486f1bd5b5f26f556ca7aadc73601c59b453d49360fe3c9e0bfd869cbcc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0ef2e486f1bd5b5f26f556ca7aadc73601c59b453d49360fe3c9e0bfd869cbcc/
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-01-09 06:12:05 UTC
File Type:
Text (Shell)
AV detection:
15 of 24 (62.50%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=b3zojbxrxvnv6jxvk3fhvlohgya4lg2fhvetmd7dzhql7wdjzpga._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250109-gx7ydstman/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0ef2e486f1bd5b5f26f556ca7aadc73601c59b453d49360fe3c9e0bfd869cbcc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 0ef2e486f1bd5b5f26f556ca7aadc73601c59b453d49360fe3c9e0bfd869cbcc

(this sample)

Mirai

elf 368d9c9d203dc9e6047e7f00c6c92cfdbb845348bc7516dfd0569ed3cda16f1c

  
URLhaus
https://urlhaus.abuse.ch/url/3394101/
  
Delivery method
Distributed via web download
  
Dropping
MD5 9bf90a89138a9fb7f3e05d732366b081
  
Dropping
SHA256 368d9c9d203dc9e6047e7f00c6c92cfdbb845348bc7516dfd0569ed3cda16f1c
  
URLhaus
https://urlhaus.abuse.ch/url/3394087/

Comments