MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47f779b975379252ce0dca6a3b68d5c9819d7d3c3a41fed231cb775afd32890b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 10

Intelligence 10 IOCs YARA 2 File information Comments

SHA256 hash:	47f779b975379252ce0dca6a3b68d5c9819d7d3c3a41fed231cb775afd32890b
SHA3-384 hash:	036aff2629096bbad534f80065f1918d7fe760f46fb6a3fa13ef7b157f372386ab005780a030cadfe49eae34a01100ae
SHA1 hash:	03cf6b214f2dd6d35557572d87d8dcae5ca89bca
MD5 hash:	bec66c58773e1bfe87736ba9d96107b7
humanhash:	west-connecticut-artist-nevada
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'809 bytes
First seen:	2025-02-26 17:17:41 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:v53T5Q056Y6S5/75Sm59tj5Q05iViF5B9BfF55B5Ou5ahO5B2:vBXxBTZjjjxl3wOS
TLSH	T1AA5114D1020E51713EB94AE3B3668D8D62C5C5EAC7CC8F8356D938B9149DF0DF04664B
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.143.1.118/bins/Murcuri.x86	08f8e782c0fd940635f303262cc9f5b73cf58c0c95cb2410114c0332753e3461	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.mips	0d9a3a73467d8a7521936a0e27da435f6499aecec37d35b8e4a4ad62239eac8f	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.mpsl	921ee3bcc588366a2fedea74947d73542b1c897ca62f8677c2b86650b89a0981	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.arm	84f61d9cd2b46aa2805487052050c1eb664cc1390dfd328a62bca8405123f55c	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.arm5	1ec467d7f5f85aab5f3bdc93151d7e37a495782e81fa77aa3e0725a94e4e2f8a	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.arm6	9f9e106628d1aef396b1def7fced7edd21c96f36cf5ee419cf8d150b2112625c	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.arm7	b282bfaa178ab17722ea416a08a9ab05e3ce105b970c2c655285b83f37f39a2e	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.ppc	a8ea1370b99152907954081fa0edf0ec36ab925e7e051b9dd0878891e239bcec	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.m68k	a6b3b4264c460dffa4b09c07d9f0a12957a39d983d3acfa0857fc299bb6fd37d	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.spc	904320bfebafb75c9e2bfbf30cee56cec7d04699cda67b0381669824642b1aa1	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.i686	n/a	n/a	n/a
http://193.143.1.118/bins/Murcuri.sh4	8b2de14c2adeb4ee8eac8242a7c809de1a58f899acb22b790887375576b47422	Mirai	elf mirai ua-wget
http://193.143.1.118/bins/Murcuri.arc	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67bf4d2c28ab76d43a5d7263linux22vpnfull_triage

Tags:

trojandownloader downloader agent

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

bash evasive lolbin mirai remote

Link:

https://www.filescan.io/uploads/67bf4cdf5c6793f0f8c9c2fa/reports/d14ae598-4a2b-4fcc-a681-3cb90b45cd99/overview

Result

Verdict:

MALICIOUS

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/47f779b975379252ce0dca6a3b68d5c9819d7d3c3a41fed231cb775afd32890b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/47f779b975379252ce0dca6a3b68d5c9819d7d3c3a41fed231cb775afd32890b/

Threat name:

Linux.Downloader.Morila

Status:

Malicious

First seen:

2025-02-26 17:18:15 UTC

File Type:

Text (Shell)

AV detection:

15 of 24 (62.50%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=i73xtolvg6jfftqnzjvdw2gvzgaz27j4hja75urrzn3vv7jsrefq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:unstable antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/250226-vvcalaxlv9/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Enumerates active TCP sockets

Writes file to system bin folder

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Modifies Watchdog functionality

Mirai

Mirai family

Malware Config

C2 Extraction:

angela.spklove.com

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/47f779b97537/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/47f779b975379252ce0dca6a3b68d5c9819d7d3c3a41fed231cb775afd32890b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.