MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48f59527a700f3e75a01be9f0cf94f058e9a28a549864856116300f58cc93e13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: 48f59527a700f3e75a01be9f0cf94f058e9a28a549864856116300f58cc93e13
SHA3-384 hash: a4015f802491b628ab0b03bcc811e69e9a1fc796047a8c2166da1d5b2a0a25fec88d5e11a4f0a1142c810260ad2edcf0
SHA1 hash: f523a037d1cb6f1333e082a4e702b565ddf6f8e7
MD5 hash: 3c80f90e2189bbcb7dfaa459d3a98882
humanhash: romeo-sierra-fix-violet
File name: real.sh
Signature: Mirai
File size: 2'844 bytes
First seen: 2024-12-27 09:46:22 UTC
Last seen: 2024-12-27 11:06:22 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:98zizboZjoW+oNC6o1S8oK2BzmKoWhrUojfloaAo2/soHNTx8zizbLjk+HC6DS8Z:98zizboZjoW+oNC6o1S8oPVoWhrUoTl6
TLSH: T1E151824EA7927099CF56CF07BF6328CA8105A1EA948B5FD5B5D4CC2C6074AD8F2E050E
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: ransomware downloader mirai agent

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug evasive lolbin remote

Result
Verdict: MALICIOUS
Threat name: Script-Shell.Trojan.Geninst
Status: Malicious
First seen: 2024-12-27 09:47:04 UTC
File Type: Text (Shell)
AV detection: 14 of 23 (60.87%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (229203) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 48f59527a700f3e75a01be9f0cf94f058e9a28a549864856116300f58cc93e13 (this sample)

Delivery method: Distributed via web download
