MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 458bf8fd9065c923d326c92c179c679f5db0795ec6db746bbd49af7489c1758a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	458bf8fd9065c923d326c92c179c679f5db0795ec6db746bbd49af7489c1758a
SHA3-384 hash:	89a94a2b39828b1bdd4f31b2bfb982232cb20775686e410d81bdaed9f737dd069a0937d6236e4ce9a93d357598b7b4d7
SHA1 hash:	733d1486e41391a72c2d3068a30bec2153a491dd
MD5 hash:	feaad8edd09793c468feaf54a6dc5f1a
humanhash:	steak-india-six-neptune
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	934 bytes
First seen:	2025-02-27 19:02:34 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:r6Bj+oE3Xw+oSNIBSkA+ofoKSu+ovMF+ogl9E+oM9oE+o+F6Z+ogxH0KA+oWXj+2:+BGnNIIQKS1al9F9spTNus/xv
TLSH	T168118C8F0271681D49ECEC0D32EE2700AA7EC2C67075CF68DD55062B68976A0AC59F0F
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://154.62.226.41/main_arm	e7de0daf2aa863e2918a712a6ba2dc9e13dafa40f1052d5868cd0808968db022	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_arm5	734d18288048e79e81ef5d34f26de0063b6cafe42a5f6dbdd945bfe8fb8e5b96	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_arm6	b6514b170d91b411c13ba070e8e7cfd2e9ad98e4d77874b64821d3b7a8c74906	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_arm7	5b138834bf6b729b1281c962bfdb4c2dbef3b5478c2b200c18f39a77c1bf433c	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_m68k	82f996a815055be678e562fb3a72a09bc30f187f17c417a64520e749c497c9f1	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_mips	e3b530b95f981b23945378bf562089e2acb21ae08d82a5dc7b2bb5495d27e72a	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_mpsl	63484602a19f0428e4fdd88591b119f37519e2e11eee1d041017f065daf036d2	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_ppc	64c88b73c5c8cbfab69eac6ee84b700338240cc3485bd9a22c50144b0591626f	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_sh4	435ab8ef0256940b9f2e181d8bc97ee2077583a5e8ee5cc974e9fe138f740f6e	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_spc	0b4c1a8d856eb38d093b610be105c39c6bfc55701f0d68d485a20e1c434b8d8a	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_x86	39c9a49a85178c7cd1d23266464e804fb415980540207e432276a7439cf4c2a3	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_x86_64	729a9b975d43fab9c2e504624d1d9f9dde5ea27e20ed8ea5f19cfc5a8946b06a	Mirai	elf fbi.gov mirai moobot

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67c0b7264e50050b2e6edbf6linux22vpnfull_triage

Tags:

agent hype sage

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

bash lolbin mirai remote

Link:

https://www.filescan.io/uploads/67c0b6fff8726576332b7f22/reports/8866f85b-564a-4074-b4c4-68d032cdf629/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/458bf8fd9065c923d326c92c179c679f5db0795ec6db746bbd49af7489c1758a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/458bf8fd9065c923d326c92c179c679f5db0795ec6db746bbd49af7489c1758a/

Threat name:

Win32.Trojan.Vigorf

Status:

Malicious

First seen:

2025-02-27 19:03:20 UTC

File Type:

Text (Shell)

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=iwf7r7mqmxeshuzgzewbphdht5o3a6k6y3nxi255jgxxjcobowfa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250227-xqew2awqt2/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/458bf8fd9065c923d326c92c179c679f5db0795ec6db746bbd49af7489c1758a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 458bf8fd9065c923d326c92c179c679f5db0795ec6db746bbd49af7489c1758a

(this sample)

Mirai

elf e7de0daf2aa863e2918a712a6ba2dc9e13dafa40f1052d5868cd0808968db022

URLhaus

https://urlhaus.abuse.ch/url/3460027/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3460063/

Dropping

MD5 3713947ffc337850baa678147cf66e26

Dropping

SHA256 e7de0daf2aa863e2918a712a6ba2dc9e13dafa40f1052d5868cd0808968db022

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample