MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ad4f75702970639bc06861dd2a8147ddbcb7ddc69bc2e21d8774c91088da132. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 2ad4f75702970639bc06861dd2a8147ddbcb7ddc69bc2e21d8774c91088da132
SHA3-384 hash: ab6e92c33e1026cc301dd4e5976236c55d2315a49963b9557065ba1923ba802c14e3a0deb80ffe789e485b50252d17d3
SHA1 hash: 22b57ee14547ff204d67240fc09a01cbf4c0b496
MD5 hash: 02b22f8cd217a68b65b8a6eb258efa1c
humanhash: white-delta-johnny-indigo
File name: c.sh
Signature: Mirai
File size: 780 bytes
First seen: 2025-03-01 21:42:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3KcjQK6qQKiNIl5zAQKP0LKjQKuOsQKiCQKc/QKVSEQKN+taKAQKN8jQKWiAQw:3J3rgdNI7zKUmz72tBiQHA
TLSH: T1710121CD315DD7E21E0E9E0DB4AAD4BD664882C07270AE99F9154870DCD820534DCFB6
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 123
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-03-01 21:42:20 UTC
File Type: Text (Makefile)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
