MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4468103e490dc3ff670d4aa9ad92a0775f2fd0096a6ef7f04c608c3828a1ae29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4468103e490dc3ff670d4aa9ad92a0775f2fd0096a6ef7f04c608c3828a1ae29
SHA3-384 hash:	d832d8edffe6db170c9f37d50d5df7c2a25a00a74f9697992cc9f5175496325de8c0dee8e24d508ef3b5800e030c4bca
SHA1 hash:	04dc46ea91da0668addc235a532c7cfaffa8ef4d
MD5 hash:	3ec2ca3dd74139377a686106992e38e6
humanhash:	lion-idaho-oxygen-music
File name:	w.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	199 bytes
First seen:	2025-03-29 13:56:31 UTC
Last seen:	2025-03-29 21:21:35 UTC
File type:	sh
MIME type:	text/plain
ssdeep	3:CU0TLTeURbXaXRBOSEM6BxKXmqj2U0TLTeURbXaXRHcIOSEM9M3Bc32EwwA:YfYEBxMbYfscBcMwA
TLSH	T174D012FE12D05313887BCEC7306444014094C1CBE64F0B3CAC9C48BD97C8E2CB000B08
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.142.252/bins/morte.x86	f325107c2f28835ae71d9582579fe8ebac836c45cdac8b74c0fbfaa18b8009d6	Mirai	elf mirai
http://176.65.142.252/bins/morte.x64	8d7d23f84bea58d2217449e21321e6a29adea456b4879c206a213a51bfae5d3b	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

2

# of downloads :

66

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e7fd35cfd0a37f830981f0linux22vpnfull_triage

Tags:

downloader backdoor hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67e7fc38f274bf2d8e287a92/reports/43503209-b244-4c04-aa05-8cfbff59bab4/overview

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/4468103e490dc3ff670d4aa9ad92a0775f2fd0096a6ef7f04c608c3828a1ae29

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4468103e490dc3ff670d4aa9ad92a0775f2fd0096a6ef7f04c608c3828a1ae29/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=irubapsjbxb76zynjku23evao5ps7uajnjxpp4cmmcgdqkfbvyuq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250329-q9am4avtgy/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4468103e490dc3ff670d4aa9ad92a0775f2fd0096a6ef7f04c608c3828a1ae29

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 4468103e490dc3ff670d4aa9ad92a0775f2fd0096a6ef7f04c608c3828a1ae29

(this sample)

elf f59e9b92b70f081a5c48f57d820e96465d7138e8e294a3b20215c6a8be3e631f

URLhaus

https://urlhaus.abuse.ch/url/3491015/

Delivery method

Distributed via web download

Dropping

MD5 fa74577056f02742c3cdcd80221ecbc5

Dropping

SHA256 f59e9b92b70f081a5c48f57d820e96465d7138e8e294a3b20215c6a8be3e631f

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample