MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 333135730d68847019331b9f27553f88373e7c96f0521192a38dfa5cfe7ab9a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 333135730d68847019331b9f27553f88373e7c96f0521192a38dfa5cfe7ab9a3
SHA3-384 hash: cfca05ebc637d76bf4010d809a6d9f7922bd64451ec7d8f7b7a2cb5998289e0c3db0a8278c82a1de561ece9f9b1babb0
SHA1 hash: 5ec341f3c3d809e7ed77e1f902f1a9aab5693f13
MD5 hash: 9d04ecb2127399856652eb1602ec0f3a
humanhash: stream-johnny-seven-black
File name: wert
Signature: Mirai
File size: 799 bytes
First seen: 2025-01-21 02:21:58 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:DSRrnmLwLcn8j6u2erXYwVrX3I0qrXJDrXR/i0wnTg0b+Qp:hmJOE3nIJFMswp
TLSH: T15C018AC909117BF2042D5CB6F2B158349242D74CA1FF5FCAEF5B8A344E816507518A86
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: shellcode mirai virus
Result
Verdict: UNKNOWN
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-01-21 03:42:29 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Enumerates physical storage devices
- System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 333135730d68847019331b9f27553f88373e7c96f0521192a38dfa5cfe7ab9a3

(this sample)
