MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52fa066f6b8a2ae37688607b0a927e0197b47c3e3c0bab425ff94900c42665dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 52fa066f6b8a2ae37688607b0a927e0197b47c3e3c0bab425ff94900c42665dc
SHA3-384 hash: eb7a155d6cd6fe69dbee5e8e9b2f2a2cbec12f5f283348a8b24f0ff160ede18ad26afd32a51ace1446d8e8eb33bbe2ae
SHA1 hash: e73d1fb1c7c733e07475f38da1d311d1bfa6fd51
MD5 hash: c39b7ebc0291e96ab5e82679c317bab8
humanhash: utah-alanine-salami-purple
File name: dvr.sh
Signature: Mirai
File size: 280 bytes
First seen: 2025-05-07 14:08:01 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:htIIXFEsv84MvywFJXFEs9F/F884MvywFJXFEs/FW84Mvyv:bIkSsvDMvywFSs9X8DMvywFSsNWDMvyv
TLSH: T199D012EA111000E9400C786CE2EFC91490D4C54916C3AF847DCD0D358BCE981BC63BC8
Magika: shell
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://103.188.82.240/lol.arm | a5f373d08117f2649b6e5eb1cdd2594fdddc2a2000c19a98718de3b924f0fce1 | Mirai | elf mirai
http://103.188.82.240/lol.arm5 | n/a | n/a | elf
http://103.188.82.240/lol.arm7 | f166e9e934173288ebc53565bccda8e8677c5ec32db06e4f8dd8dc1c691826fc | Mirai | elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: downloader hype sage
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-05-07 14:01:32 UTC
File Type: Text (Shell)
AV detection: 10 of 37 (27.03%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
File and Directory Permissions Modification
Executes dropped EXE
Renames itself
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 52fa066f6b8a2ae37688607b0a927e0197b47c3e3c0bab425ff94900c42665dc (this sample)

Delivery method: Distributed via web download

Comments