MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4faa91cc87f9f22fa19dcb12eff262d1fbabe4d2b3baa5dac6f04ba1299f6ab4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	4faa91cc87f9f22fa19dcb12eff262d1fbabe4d2b3baa5dac6f04ba1299f6ab4
SHA3-384 hash:	5d56e3b617c5a604c7597b6a00a9b218688853a157b8c41fdc5f1a7cbc268b6da1bcc1d82cc0003511ae6bff9b1e9201
SHA1 hash:	e4778754ccd0ed16ef936bed5e7f2248cd99613e
MD5 hash:	72ee85f7511b94339889b834b72d60f1
humanhash:	bulldog-football-bacon-purple
File name:	w.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	472 bytes
First seen:	2025-02-20 15:06:48 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	6:SuUQA9EVEWIj+UQAXUEVEWIpUQAEZEVEWIddUQMMUVSEVEtKDaUQMoIpEVEwxK+L:qhXtEkM+DNGbzn
TLSH	T140F0A9AB03E7B1F242B14FA166D648C1E016D3806CF6039BD8DF89E7C2805A6B158E97
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://66.63.187.69/arm6	n/a	n/a	elf mirai ua-wget
http://66.63.187.69/arm5	n/a	n/a	elf mirai ua-wget
http://66.63.187.69/arm7	n/a	n/a	elf mirai ua-wget
http://66.63.187.69/mips	n/a	n/a	32-bit elf mirai
http://66.63.187.69/mpsl	n/a	n/a	elf mirai ua-wget
http://66.63.187.69/x86	n/a	n/a	64-bit elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

82.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67b745ee28ab76d43a5c2c28linux22vpnfull_triage

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67b7484bda7153c5ca29ed34/reports/8b113f09-4388-4e42-9030-3d3364440206/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/4faa91cc87f9f22fa19dcb12eff262d1fbabe4d2b3baa5dac6f04ba1299f6ab4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4faa91cc87f9f22fa19dcb12eff262d1fbabe4d2b3baa5dac6f04ba1299f6ab4/

Threat name:

Document-HTML.Trojan.Heuristic

Status:

Malicious

First seen:

2025-02-19 21:45:22 UTC

File Type:

Text (Shell)

AV detection:

7 of 38 (18.42%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=j6vjdteh7hzc7im5zmjo74tc2h52xzgswo5klwwg6bf2ckm7nk2a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250220-shcdqaxnbp/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4faa91cc87f9f22fa19dcb12eff262d1fbabe4d2b3baa5dac6f04ba1299f6ab4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 4faa91cc87f9f22fa19dcb12eff262d1fbabe4d2b3baa5dac6f04ba1299f6ab4

(this sample)

Mirai

elf fb7ba77817ccd23e316b8d1ce6613fa4a5823ec3712d95f3b9055e145e558361

URLhaus

https://urlhaus.abuse.ch/url/3446235/

Delivery method

Distributed via web download

Dropping

MD5 012904e234b0ae6a378fd015ddbcad9f

Dropping

SHA256 fb7ba77817ccd23e316b8d1ce6613fa4a5823ec3712d95f3b9055e145e558361

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample