MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3da13f100b1b2713d4b7a4eaabbd9cb6a056793a833dc1f215b9faf8fd64c064. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3da13f100b1b2713d4b7a4eaabbd9cb6a056793a833dc1f215b9faf8fd64c064
SHA3-384 hash: 8651c78d64e8432c82dc5a53de1648a1a2ffb153f9a0d4226c2c48aa8efa443d20e5496687718af76a437406e27584f1
SHA1 hash: b5778a3ccabf0a1096931b5df7fee5787a80d287
MD5 hash: 0552282ec92c8d2602afa1096e0c313d
humanhash: nebraska-bakerloo-east-moon
File name:buf
Download: download sample
Signature Mirai
Create hunting rule
File size:214 bytes
First seen:2025-02-11 18:26:25 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 3:LWwhRFXWgrzWVGPNBzSa+TSJa6ZXwK8oezgWwhRFXWgrzWVGYNBzSa5T696wTO8Q:LWmWgrzSA2mw2ezgWmWgrzSxjvwTyn
TLSH T12AD0A7AD04397DC2C0083F673456767AF702839950D78F809FCE2064B84F500E214E40
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://193.143.1.32/splmips46894ab0365d99a0bb377497478ebabe75c295d6119ab5dce7c7c1ea90086efa Miraielf gafgyt mirai ua-wget
http://193.143.1.32/splmpslf135cf3046be829d6f1b7ef020c5dd9eca385aed561d782f8b4d03220a2a833d Miraielf gafgyt mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67ab96c73f78927cc2ccdd63linux22vpnfull_triage
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/67ab96caa116e377e79bd276/reports/a91cb636-812a-4dc9-ad51-8b71824b5a4d/overview
Result
Verdict:
UNKNOWN
Score:
1%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/3da13f100b1b2713d4b7a4eaabbd9cb6a056793a833dc1f215b9faf8fd64c064
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3da13f100b1b2713d4b7a4eaabbd9cb6a056793a833dc1f215b9faf8fd64c064/
Threat name:
Script-Shell.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-02-11 18:28:29 UTC
File Type:
Text (Shell)
AV detection:
6 of 24 (25.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hwqt6ealdmtrhvfxutvkxpm4w2qfm6j2qm64d4qvxh5pr7leybsa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250211-w4g3wawlcr/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3da13f100b1b2713d4b7a4eaabbd9cb6a056793a833dc1f215b9faf8fd64c064

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3da13f100b1b2713d4b7a4eaabbd9cb6a056793a833dc1f215b9faf8fd64c064

(this sample)

Mirai

elf 0069a2a4334223b75fe2d415e8075db49f885134d0fd0c92f01e63f6340b55cf

  
URLhaus
https://urlhaus.abuse.ch/url/3436386/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3436390/
  
URLhaus
https://urlhaus.abuse.ch/url/3436405/
  
URLhaus
https://urlhaus.abuse.ch/url/3436418/
  
Dropping
MD5 607bfd5425eb7248a95a63f4e9ac866e
  
Dropping
SHA256 0069a2a4334223b75fe2d415e8075db49f885134d0fd0c92f01e63f6340b55cf

Comments