MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 520ee4f7fba6358cfef4aa216cfe0294fd8b4c28b5b8c0fe6de83b3ca208249a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 520ee4f7fba6358cfef4aa216cfe0294fd8b4c28b5b8c0fe6de83b3ca208249a
SHA3-384 hash: 80e53cc904c106b741b1675842855a54da9cc7beadca6fcba26e792b962cb7b8cc6175013aa03696c7cc9a8b2ca3a666
SHA1 hash: e031daa5ac284dcd2fd0f34f6918b6957efdd3c3
MD5 hash: 1e8348b42b38787c7c1660f00ece290d
humanhash: papa-maryland-carolina-music
File name: wget.sh
Signature: Mirai
File size: 809 bytes
First seen: 2024-12-19 22:06:00 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 6:HqXo9ArN2tAPVXXo9+MH8GXo9haIWWXo9MLBgu/AqXo9CELOKNwXo9EJ0FXo9QF5:qr6AWsVWuLBgV96JiSVsWx4
TLSH T1D2018E87073456008AD9C59BF2A62748C358894A36FF27DEEE9409790389CC9F08DBC7
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 127
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash evasive lolbin remote
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Mirai
Status: Malicious
First seen: 2024-12-19 22:07:03 UTC
File Type: Text (Shell)
AV detection: 8 of 38 (21.05%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:botnet botnet defense_evasion linux
Behaviour
Writes file to tmp directory
File and Directory Permissions Modification
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
boats.dogmuncher.xyz
89.190.156.145
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 520ee4f7fba6358cfef4aa216cfe0294fd8b4c28b5b8c0fe6de83b3ca208249a

(this sample)

  
Delivery method
Distributed via web download
