MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 570d3a1c4e6a9ebaef9004937366212fd74f3632d5de180ae04bea2fa2a5cc1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 570d3a1c4e6a9ebaef9004937366212fd74f3632d5de180ae04bea2fa2a5cc1c
SHA3-384 hash: 56eaec2b83d3610d1ff94cb90019c80cb66b424faa3402c606c828b662177f2900a3c43e9565fa1920a47d66b58243d5
SHA1 hash: 26710076ac42d023fc9e3d61056c09ca8467d512
MD5 hash: 4b5e59deb0d6b9562648c3559b172d7c
humanhash: london-whiskey-maryland-river
File name: zbot.sh
Signature: Mirai
File size: 875 bytes
First seen: 2025-04-10 15:08:22 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:lb8brb5HbZmPbdbArdbHrdbcb/cphdbAbH:loHhYB0pbpwrcpDEL
TLSH T1331115D538B5A011DEC9C63B72A1D0E67576CAF33490CB0CE5BF0C709880E0AB58BA89
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-04-10 15:09:21 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 570d3a1c4e6a9ebaef9004937366212fd74f3632d5de180ae04bea2fa2a5cc1c

(this sample)

  
Delivery method: Distributed via web download
