MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48c643af40a8249bcf01621b88eba19654174e7c601cdeebbd42e6745a964e98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48c643af40a8249bcf01621b88eba19654174e7c601cdeebbd42e6745a964e98
SHA3-384 hash: f76c3768864946a42431067d38f9179d88391bd37c107cb1ee2c518dd77a6507179b7f2cdfbcf12eb6aa7cfe87d56e5a
SHA1 hash: e3592e3081ad30f3ff442976d6a0c9bcd14fedf0
MD5 hash: 315b491bdc4d950cc8081311c7de36b7
humanhash: double-twenty-east-lemon
File name:l
Download: download sample
Signature Mirai
Create hunting rule
File size:921 bytes
First seen:2025-02-25 23:07:37 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:ghYbx2egoTXqNfjJr+iwONI7NuK/ctjJKpi:ayGoLmfjp+iwXNu8sJKE
TLSH T1CC11C8EF94141F020869EECEF2A784BEE113E59E915F9FC4AEDC283D9C98614B018708
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://193.143.1.123/mips69955124ad9ed026da5d2595b5ede417fc62713e26146f29e9e0e34573bfcbbe Miraielf mirai ua-wget
http://193.143.1.123/mpsle6d98df7336a2a420ae36cb76a6638a3278eda71a81c4909afc18d2f91ada3b8 Miraielf mirai ua-wget
http://193.143.1.123/x860a621699bcc4da7e8c64dcbdc092ecd135fbdcc15031f39cad595e2f9848c690 Miraielf mirai ua-wget
http://193.143.1.123/armb23b2497626e7817cb706bb46a37e7e7842a7f41196f5177ad75680ecbd8d441 Miraielf mirai ua-wget
http://193.143.1.123/arm5337ba0b5d40387f0e2dc8526e12771822621bd4dd5d16bfe3eaf7c4b842d1fc4 Miraielf mirai ua-wget
http://193.143.1.123/arm6a581f32dddb28b1b55fddf2d2195878e48a0d0000e9960743e2bc8cb1196967a Miraielf mirai ua-wget
http://193.143.1.123/arm7e95fa992e91a105c639ed19bc3c56516ba0f51be21cb3ec93e6fe19af434085e Miraielf mirai ua-wget
http://193.143.1.123/sh4994da7aae723ce6f30247b4004f28e23a5307ab7869b84d49c593c0a5447c2bf Miraielf gafgyt mirai ua-wget
http://193.143.1.123/ppcc7ef0f79aacfa98e4e9630c7f04be4a8847aab5ef41a38fb242e35b7876cc8d1 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67be4e4fa0fd713c335cd233linux22vpnfull_triage
Tags:
phishing trojan agent overt
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/48c643af40a8249bcf01621b88eba19654174e7c601cdeebbd42e6745a964e98
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48c643af40a8249bcf01621b88eba19654174e7c601cdeebbd42e6745a964e98/
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-02-25 23:11:12 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jddehl2avasjxtybminyr25bszkbott4maon5255ilthiwuwj2ma._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250225-26b8assrs3/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/48c643af40a8249bcf01621b88eba19654174e7c601cdeebbd42e6745a964e98

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 48c643af40a8249bcf01621b88eba19654174e7c601cdeebbd42e6745a964e98

(this sample)

Mirai

elf 69955124ad9ed026da5d2595b5ede417fc62713e26146f29e9e0e34573bfcbbe

  
URLhaus
https://urlhaus.abuse.ch/url/3452159/
  
Delivery method
Distributed via web download
  
Dropping
MD5 d2c3a7599927c96d66b88043b7966144
  
Dropping
SHA256 69955124ad9ed026da5d2595b5ede417fc62713e26146f29e9e0e34573bfcbbe
  
URLhaus
https://urlhaus.abuse.ch/url/3453266/
  
URLhaus
https://urlhaus.abuse.ch/url/3453306/
  
URLhaus
https://urlhaus.abuse.ch/url/3453366/
  
URLhaus
https://urlhaus.abuse.ch/url/3453417/
  
URLhaus
https://urlhaus.abuse.ch/url/3453445/
  
URLhaus
https://urlhaus.abuse.ch/url/3453590/
  
URLhaus
https://urlhaus.abuse.ch/url/3453604/
  
URLhaus
https://urlhaus.abuse.ch/url/3453766/
  
URLhaus
https://urlhaus.abuse.ch/url/3453831/
  
URLhaus
https://urlhaus.abuse.ch/url/3453865/
  
URLhaus
https://urlhaus.abuse.ch/url/3453942/
  
URLhaus
https://urlhaus.abuse.ch/url/3453945/
  
URLhaus
https://urlhaus.abuse.ch/url/3454028/
  
URLhaus
https://urlhaus.abuse.ch/url/3454081/
  
URLhaus
https://urlhaus.abuse.ch/url/3454102/
  
URLhaus
https://urlhaus.abuse.ch/url/3454122/
  
URLhaus
https://urlhaus.abuse.ch/url/3454141/
  
URLhaus
https://urlhaus.abuse.ch/url/3454257/
  
URLhaus
https://urlhaus.abuse.ch/url/3454264/
  
URLhaus
https://urlhaus.abuse.ch/url/3454321/
  
URLhaus
https://urlhaus.abuse.ch/url/3454355/
  
URLhaus
https://urlhaus.abuse.ch/url/3454383/
  
URLhaus
https://urlhaus.abuse.ch/url/3454440/
  
URLhaus
https://urlhaus.abuse.ch/url/3454517/
  
URLhaus
https://urlhaus.abuse.ch/url/3454555/
  
URLhaus
https://urlhaus.abuse.ch/url/3454592/
  
URLhaus
https://urlhaus.abuse.ch/url/3454708/
  
URLhaus
https://urlhaus.abuse.ch/url/3454709/
  
URLhaus
https://urlhaus.abuse.ch/url/3454714/
  
URLhaus
https://urlhaus.abuse.ch/url/3454792/
  
URLhaus
https://urlhaus.abuse.ch/url/3454854/
  
URLhaus
https://urlhaus.abuse.ch/url/3454858/
  
URLhaus
https://urlhaus.abuse.ch/url/3454869/
  
URLhaus
https://urlhaus.abuse.ch/url/3454872/
  
URLhaus
https://urlhaus.abuse.ch/url/3455000/
  
URLhaus
https://urlhaus.abuse.ch/url/3455003/
  
URLhaus
https://urlhaus.abuse.ch/url/3455018/
  
URLhaus
https://urlhaus.abuse.ch/url/3455039/
  
URLhaus
https://urlhaus.abuse.ch/url/3455074/
  
URLhaus
https://urlhaus.abuse.ch/url/3455082/
  
URLhaus
https://urlhaus.abuse.ch/url/3455147/
  
URLhaus
https://urlhaus.abuse.ch/url/3455167/
  
URLhaus
https://urlhaus.abuse.ch/url/3455205/
  
URLhaus
https://urlhaus.abuse.ch/url/3455258/
  
URLhaus
https://urlhaus.abuse.ch/url/3455260/
  
URLhaus
https://urlhaus.abuse.ch/url/3455296/
  
URLhaus
https://urlhaus.abuse.ch/url/3455302/
  
URLhaus
https://urlhaus.abuse.ch/url/3455364/
  
URLhaus
https://urlhaus.abuse.ch/url/3455365/
  
URLhaus
https://urlhaus.abuse.ch/url/3455434/
  
URLhaus
https://urlhaus.abuse.ch/url/3455486/
  
URLhaus
https://urlhaus.abuse.ch/url/3455598/
  
URLhaus
https://urlhaus.abuse.ch/url/3455633/
  
URLhaus
https://urlhaus.abuse.ch/url/3455631/
  
URLhaus
https://urlhaus.abuse.ch/url/3455651/
  
URLhaus
https://urlhaus.abuse.ch/url/3455652/
  
URLhaus
https://urlhaus.abuse.ch/url/3455650/
  
URLhaus
https://urlhaus.abuse.ch/url/3455683/
  
URLhaus
https://urlhaus.abuse.ch/url/3455688/
  
URLhaus
https://urlhaus.abuse.ch/url/3455725/
  
URLhaus
https://urlhaus.abuse.ch/url/3455779/
  
URLhaus
https://urlhaus.abuse.ch/url/3455821/
  
URLhaus
https://urlhaus.abuse.ch/url/3455876/
  
URLhaus
https://urlhaus.abuse.ch/url/3455950/
  
URLhaus
https://urlhaus.abuse.ch/url/3455954/
  
URLhaus
https://urlhaus.abuse.ch/url/3456021/
  
URLhaus
https://urlhaus.abuse.ch/url/3456085/
  
URLhaus
https://urlhaus.abuse.ch/url/3456156/
  
URLhaus
https://urlhaus.abuse.ch/url/3456160/

Comments