MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 238e2bb150cb55bf127ca173929589decce2b747ff97d8b57a8ff32cdf33ddf7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 238e2bb150cb55bf127ca173929589decce2b747ff97d8b57a8ff32cdf33ddf7
SHA3-384 hash: 7c6518488f1463feaff1d8337b755bb2b6ea5e14ced2b49b463bcdceab2785e486331ee66dd29e90032d2f3245208bf4
SHA1 hash: 2dc18cffb0f600dc6556c3019f9cf9440036f6b3
MD5 hash: c5029d3983cb69cb4ea3de77129d0d6b
humanhash: fish-vermont-tennessee-vermont
File name: a
Download: download sample
Signature: Mirai
File size: 912 bytes
First seen: 2025-01-18 16:01:16 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:kigpiisi3vGiWyGDTTrvGhXG8fGL/n3GTepmefGIdG1hxn:m3+5f+wriTTeuNjx
TLSH: T16811128DB36D144784496AC4F05BC444E756BFE6A0E5DB8577EB0B33C48EA0438E4AB6
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 95.7%
Tags: downloader agent hype
Result
Verdict: UNKNOWN
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-01-18 16:41:02 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 238e2bb150cb55bf127ca173929589decce2b747ff97d8b57a8ff32cdf33ddf7

(this sample)

Comments