MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a
SHA3-384 hash: 8624be39ad92dbfde485eeb8e3b3c4e1661cf9bc764808bdd01ef0fd2f9fefb57f5205ed049afaa8aa324a3c9e1c43c6
SHA1 hash: 9b01ebfd1a49ad5f573b52b95e5f2e995b16acf5
MD5 hash: 8137eb3a1210a6ac0a5004ebdf12a009
humanhash: seventeen-missouri-nevada-emma
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:512 bytes
First seen:2025-03-14 02:46:21 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:od8VLLF9PdFRLLF9PdrLLF9PdlI3LLF9Pdc7LLF9Pd8LLF9Y:oKVLXlLXxLX7qLXO7LXqLw
TLSH T1A1F01DEA3C4165098D12D9882537CA12B112C2DC66808B1AF9AB393AD0F4B587D29B88
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://87.120.253.44/re.bot.mipsac61fe040ab4b5679119b4bb6292fe940170c4511f1da3e780292bbac1a044f6 Miraiddos elf mirai
http://87.120.253.44/re.bot.mpslc08cddb3d6804838132d55afddce2bfdb6d0870977dad7eb99bdd3f73f75ba4e Miraiddos elf mirai
http://87.120.253.44/re.bot.armn/an/addos elf mirai
http://87.120.253.44/re.bot.arm5n/an/addos elf mirai
http://87.120.253.44/re.bot.arm707ef12e0741251ae867210ed7db52419181baefa7981075d41afcbd7567bd3d2 Miraiddos elf mirai
http://87.120.253.44/re.bot.aarch64n/an/addos elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
148
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67d3ae6a3962f1a6f4711fcdlinux22vpnfull_triage
Tags:
downloader agent hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
expand lolbin packed remote
Link:
https://www.filescan.io/uploads/67d398a80a7899f3579556f2/reports/a54aba1b-7de7-4fd9-b05a-dc120fed60d1/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a/
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-03-14 02:47:09 UTC
File Type:
Text (Shell)
AV detection:
11 of 38 (28.95%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ery5d4wasismgtfnz4fbateopc3t6cmxdvewlpnf6h3nyalkeefa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250314-c9w97szxes/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2471d1f2c09224c34cadcf0a104c8e78b73f09971d4965bda5f1f6dc016a210a

(this sample)

Mirai

elf 7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

  
URLhaus
https://urlhaus.abuse.ch/url/3474303/
  
Delivery method
Distributed via web download
  
Dropping
MD5 60492f54823aa2e56fdf484f5cb3df42
  
Dropping
SHA256 7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

Comments