MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 303a1d8fc3dbba1fcbbb3a1ca9ade42ed24b77977ce21bc785841a03b6a3584e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 303a1d8fc3dbba1fcbbb3a1ca9ade42ed24b77977ce21bc785841a03b6a3584e
SHA3-384 hash: e35776272c231f10d9770f9a835073f112c5e3d6bdf74483af9cfdcafcf9897862cb4d5ae53952256d39a5192b2c6d66
SHA1 hash: 424965ec8027b8d7316891f054061243ce3b5590
MD5 hash: 452267be11109a40869a2dccc29e61f5
humanhash: charlie-neptune-eight-bulldog
File name:e
Download: download sample
Signature Mirai
Create hunting rule
File size:2'415 bytes
First seen:2025-01-23 02:10:46 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 48:4e5Cotk2lZ4k2lCnk2lb6k2lNZjuk2l+Dk2lnGk2ljik2lUpk2lCnk2lnGk2lVEW:lgieiiaKSgkK6ke
TLSH T18741E2CF354C8C9124C569DD37D34AA5A58DC1CC36E98F8FA87F06BA98CDA0DB014E4A
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://185.157.247.12/ee/armv4l01dd2f26dddf04f4446547320b1d10cb2ee4e6eae1456f01f9450031ae790cf4 Miraielf gafgyt mirai
http://185.157.247.12/ee/armv5l19f2b12a00e9fba7b9ddf08b6381204625d2e1dd9981f15d763c46b0077b9cdb Miraielf gafgyt mirai
http://185.157.247.12/ee/armv6l0b81de512aa6eab2e5a45c3f8577cc5d3924232a3bcbdeb77eb27e7e4e21fd25 Miraielf gafgyt mirai
http://185.157.247.12/ee/armv7ldf9c88f321b95bbf16c81b29fc8a88421087c45ad0415d462bb547134ae91053 Miraielf gafgyt mirai
http://185.157.247.12/ee/mipsdf9c88f321b95bbf16c81b29fc8a88421087c45ad0415d462bb547134ae91053 Miraielf
http://185.157.247.12/ee/mipseldf9c88f321b95bbf16c81b29fc8a88421087c45ad0415d462bb547134ae91053 Miraielf
http://185.157.247.12/ee/sh4df9c88f321b95bbf16c81b29fc8a88421087c45ad0415d462bb547134ae91053 Miraielf
http://185.157.247.12/ee/sparcdf9c88f321b95bbf16c81b29fc8a88421087c45ad0415d462bb547134ae91053 Miraielf
http://185.157.247.12/ee/riscv32df9c88f321b95bbf16c81b29fc8a88421087c45ad0415d462bb547134ae91053 Miraielf
http://185.157.247.12/ee/powerpcdf9c88f321b95bbf16c81b29fc8a88421087c45ad0415d462bb547134ae91053 Miraielf
http://185.157.247.12/ee/armv4eb3ce0c728d6baf08350daae05de4cadca975c22b1b554db4cd8f47459a0cfc83b Miraielf gafgyt mirai
http://185.157.247.12/ee/arc3ce0c728d6baf08350daae05de4cadca975c22b1b554db4cd8f47459a0cfc83b Miraielf

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6791a684b5602ee8cdafd0e2linux22vpnfull_triage
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/6791a5366bf8c8cec5f28870/reports/9ff20268-ca15-4fbd-8e17-d855bb3d8837/overview
Result
Verdict:
MALICIOUS
Score:
1%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/303a1d8fc3dbba1fcbbb3a1ca9ade42ed24b77977ce21bc785841a03b6a3584e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/303a1d8fc3dbba1fcbbb3a1ca9ade42ed24b77977ce21bc785841a03b6a3584e/
Threat name:
Script-Shell.Downloader.MiraiA
Create hunting rule
Status:
Malicious
First seen:
2025-01-23 02:16:37 UTC
File Type:
Text (Shell)
AV detection:
9 of 24 (37.50%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ga5b3d6d3o5b7s53hioktlpef3jew54xptrbxr4fqqnahnvdlbha._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250123-cndwqsxkbw/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/303a1d8fc3dbba1fcbbb3a1ca9ade42ed24b77977ce21bc785841a03b6a3584e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 303a1d8fc3dbba1fcbbb3a1ca9ade42ed24b77977ce21bc785841a03b6a3584e

(this sample)

Mirai

elf 01dd2f26dddf04f4446547320b1d10cb2ee4e6eae1456f01f9450031ae790cf4

  
URLhaus
https://urlhaus.abuse.ch/url/3389335/
  
Delivery method
Distributed via web download
  
Dropping
MD5 6230baf6fd8aff6c2588057483cfac1b
  
Dropping
SHA256 01dd2f26dddf04f4446547320b1d10cb2ee4e6eae1456f01f9450031ae790cf4

Comments