MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a57d35570f73ff9bf91e39b29ae9f68ca8ba8835c27725a121b1c9dec46b246. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 1a57d35570f73ff9bf91e39b29ae9f68ca8ba8835c27725a121b1c9dec46b246
SHA3-384 hash: 91e828384cb8a3ea305bfb51678066117c5a390f692aa30272e89c6e0a2629879a45a8c84be4f9492ead2baaf01ee49d
SHA1 hash: 05e1aaed682669eccde55f471caa149bfbb06338
MD5 hash: 1e7a84117a2acd8efb7faab723ace49b
humanhash: mike-chicken-echo-summer
File name: huh
Signature: Mirai
File size: 3'040 bytes
First seen: 2024-12-30 10:32:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:sCk0Ik5XIHCkykWHHCkTYkERHCk2kdcEkHCknkD+HCkwkIlHCk4YkHbmHCkcksQi:sMQ4UR9sxUBSTXytrLAF
TLSH: T1E75192C427EC12342C96C41FB76CCAD971DA9083A5D32D2495AC78F9C16EE4E7882E93
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: DE

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug lolbin remote

Result
Verdict: MALICIOUS
Threat name: Script-Shell.Downloader.Medusa
Status: Malicious
First seen: 2024-12-30 10:34:07 UTC
File Type: Text (Shell)
AV detection: 13 of 23 (56.52%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1a57d35570f73ff9bf91e39b29ae9f68ca8ba8835c27725a121b1c9dec46b246

(this sample)

  
Delivery method
Distributed via web download
