MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 481e7ee98a7a64098344e1f24b4c6caccbdcb0bfb488771bd7661f35a95bf650. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	481e7ee98a7a64098344e1f24b4c6caccbdcb0bfb488771bd7661f35a95bf650
SHA3-384 hash:	3e32c24eb8b5bdc1a9d54b7f4435e1521fbf8cef6876da002ef481527b4018bdf42b88805e837410800b43ccfe68feea
SHA1 hash:	d51cef7a92c96adf72ea0e6d8d6e7c12e79ce0e8
MD5 hash:	7dd73b2a1bc9cbb87963f240bcff9276
humanhash:	helium-beer-fix-south
File name:	dvr.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'135 bytes
First seen:	2024-11-01 00:16:29 UTC
Last seen:	2024-11-09 01:55:40 UTC
File type:	sh
MIME type:	text/plain
ssdeep	48:WSwNSoQuJhiY0hogAD7j7ohw8SwNSoQuJhiY0hogAD7uwBomJxYloYA1Gd1f/NQK:W7GuroSgy7L87GuroSgy7PV9++99I
TLSH	T16381F4AD3A2213B34D92DE19F3A2CC261053E0F0451DEF1AF599B874B9B7D52B311A0A
Magika	txt
Reporter	abuse_ch
Tags:	Hailbot HailCock HailCockBotnet mirai sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67241ecb49e92a05dde22aa8linux22vpnfull_triage

Tags:

agent hype sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67241e052734cb737d90c080/reports/b6518ec4-3137-4885-8549-957f4c1023b2/overview

Result

Verdict:

UNKNOWN

Score:

13%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/481e7ee98a7a64098344e1f24b4c6caccbdcb0bfb488771bd7661f35a95bf650

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/481e7ee98a7a64098344e1f24b4c6caccbdcb0bfb488771bd7661f35a95bf650/

Threat name:

Script-Shell.Downloader.Heuristic

Status:

Malicious

First seen:

2024-11-01 00:17:06 UTC

File Type:

Text (Shell)

AV detection:

5 of 38 (13.16%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=japh52mkpjsata2e4hzewtdmvtf5zmf7wsehog6xmyptlkk36zia._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241101-awerwsvdpd/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/481e7ee98a7a64098344e1f24b4c6caccbdcb0bfb488771bd7661f35a95bf650

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 481e7ee98a7a64098344e1f24b4c6caccbdcb0bfb488771bd7661f35a95bf650

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3268662/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample