MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18cdb8bd6f01d41cd5860d7325c2f2bd4a2f7e78adae721b94e527f5a7396ac4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 18cdb8bd6f01d41cd5860d7325c2f2bd4a2f7e78adae721b94e527f5a7396ac4
SHA3-384 hash: 9788f3821b03e554bc894263ee037cbf6f9919e72c5653891611face4cd3804866ef880012ccd75d5bdd1b722dc28524
SHA1 hash: 917c3612b21ed58dec64bd3cfe96971668b86e58
MD5 hash: 9891d1597cf4ebe11d017b3a5d69a818
humanhash: lamp-maryland-arkansas-moon
File name: wget.sh
Signature: Mirai
File size: 805 bytes
First seen: 2025-01-25 17:02:24 UTC
Last seen: 2025-01-26 04:11:06 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:3J3GmcyGmcrLTGmcBNIl5tGmcK0LKYGmc1tJlGmclsQGmckxGmc7BqQGmctTpGm7:3J3yoNI7+Ktt8sBWVB
TLSH: T1EE01DBCE21B2565F6A65DE1EF4A6870C5021F0C030E68B59FF18AC39A5D5220383967F
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 64
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: bash lolbin remote
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-01-25 17:03:05 UTC
File Type: Text (Makefile)
AV detection: 10 of 38 (26.32%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments