MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b86913b6cb934bdf651e593cfb77b585572fda9d5a5d3589e4d3d53dda10dbc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b86913b6cb934bdf651e593cfb77b585572fda9d5a5d3589e4d3d53dda10dbc
SHA3-384 hash: 9a9b574e3a620b79cd8c3407129f346e372a7a5692bf980e530be524c70b43f86aa80fecdb0f3abbb36f17db4ebbcc33
SHA1 hash: fcaf39233c31515fdc4cc52f4295c67be230263f
MD5 hash: df4bd58894420442e1c3e27003eb20a3
humanhash: johnny-mike-mexico-kentucky
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'027 bytes
First seen:2024-12-30 13:37:59 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:3J3aBjQk3XwQyNIBSkAQ/oKSuQAxH0KAQeuQlaqQAl9EQs9oEQwF3lqjQWTxyMAB:3J3aBDyNIIFKSETuuqaOl9w9pqj/aYIR
TLSH T16B118BEDC2D8549E3EE8CC0C707E5A09FA78D9C4F0718715ED26A43685AA2787C21F2D
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://205.185.113.47/bins/main_arm0b423d1b9e7a9e6719bf77dfa5363998d04f9edad2ee8e2de911c7ae995a391a Miraielf mirai ua-wget
http://205.185.113.47/bins/main_arm55d94992dac0b6d592f86b0d59af84c52168f05d7aa1713a0c4fd62820be71630 Miraielf mirai ua-wget
http://205.185.113.47/bins/main_arm65b1cf87888710837c0007fd20877644abec191d7fed82763a15b959d591444d4 Miraielf mirai ua-wget
http://205.185.113.47/bins/main_arm7cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6 Miraielf mirai ua-wget
http://205.185.113.47/bins/main_sh4fd893a3ee002cd623137b4f65fda5624232eb22e53f5fec40601bc26e7eed29a Miraielf mirai ua-wget
http://205.185.113.47/bins/main_arcn/an/an/a
http://205.185.113.47/bins/main_mips261cbea15e9c316a7a13d6ee7c496feb4364d264355821dc03664c17f398bcd1 Miraielf mirai ua-wget
http://205.185.113.47/bins/main_mpsl2322a5098627d113e939e6ac7ddb5c80ed5e253a650c6b6e1737baa4617db415 Miraielf mirai ua-wget
http://205.185.113.47/bins/main_sparcn/an/an/a
http://205.185.113.47/bins/main_x86_646c22bec08f6ce62b43664b22028e033d496990b06a053c4aee5168b3af787c55 Miraielf mirai ua-wget
http://205.185.113.47/bins/main_i686n/an/an/a
http://205.185.113.47/bins/main_i586n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6772a23b1bb06b8884798bf1linux22vpnfull_triage
Tags:
malware
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug bash lolbin remote
Link:
https://www.filescan.io/uploads/6772a23c0dd45a148a413d4f/reports/5b8c3627-9617-40f0-9f42-0e13d2254b72/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/1b86913b6cb934bdf651e593cfb77b585572fda9d5a5d3589e4d3d53dda10dbc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b86913b6cb934bdf651e593cfb77b585572fda9d5a5d3589e4d3d53dda10dbc/
Threat name:
Document-HTML.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2024-12-30 13:38:03 UTC
File Type:
Text (Makefile)
AV detection:
11 of 23 (47.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dodjco3mxe2l35sr4wj47n33lbkxf7nj2ws5gwe6ju6vhxnbbw6a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/241230-qxc8fswmcr/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1b86913b6cb934bdf651e593cfb77b585572fda9d5a5d3589e4d3d53dda10dbc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1b86913b6cb934bdf651e593cfb77b585572fda9d5a5d3589e4d3d53dda10dbc

(this sample)

Mirai

elf 0b423d1b9e7a9e6719bf77dfa5363998d04f9edad2ee8e2de911c7ae995a391a

  
URLhaus
https://urlhaus.abuse.ch/url/3383179/
  
Delivery method
Distributed via web download
  
Dropping
MD5 994af88b29ff2e3d59e6f45a01cd710b
  
Dropping
SHA256 0b423d1b9e7a9e6719bf77dfa5363998d04f9edad2ee8e2de911c7ae995a391a

Comments