MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6058a65f4fa3fea951ce02a016c63e2fe5eae8c5a645aa3d3f43c1cb9c9d4832. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 6058a65f4fa3fea951ce02a016c63e2fe5eae8c5a645aa3d3f43c1cb9c9d4832
SHA3-384 hash: b231a48ecf137038d4d1c6be2cea539dfe161e33040f4c0d436cafa5fddc14a9b8cc762ca7de00a265daf9fb95865a8e
SHA1 hash: adcd2c73c28e068a22f5f5fd7dcbfcdbf53f7bf0
MD5 hash: 7b9ded4ec908664dfce7825c60bd35f3
humanhash: lion-yankee-green-august
File name: w.sh
Signature: Mirai
File size: 1'456 bytes
First seen: 2024-12-26 09:11:51 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:A7vc2A+j3cWAPwjpMxceb9AAFyNI9cAlAKXcYN/yc+KuAyIwpUacW3vARwecEcq6:A3cKUQNIgxKcIwSG36XS7T6ThQGTK
TLSH: T1933122C60366DC2A02FFCF8A3522484CF054C9E768AFD7DC984D8D7AB661614F4B6D58
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug lolbin remote

Result
Verdict: MALICIOUS
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2024-12-26 09:12:12 UTC
File Type: Text (Shell)
AV detection: 13 of 23 (56.52%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6058a65f4fa3fea951ce02a016c63e2fe5eae8c5a645aa3d3f43c1cb9c9d4832

(this sample)

Delivery method: Distributed via web download
