MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 615d5f8fdf30be45e5bebf5db387ce50272f113417d8b4003534672a60d044e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 615d5f8fdf30be45e5bebf5db387ce50272f113417d8b4003534672a60d044e1
SHA3-384 hash: 64173af43a201b1b9633101402a2dd0f4c9fab8e0044b0a5a36b902b2c081a559258215328e305400081f094224b948a
SHA1 hash: 5bb19a71ca5e7285c4e95bef8a980d2dd9b0c6b4
MD5 hash: 2013afa9e3e755e7c5fce03196dac9da
humanhash: wisconsin-beer-green-happy
File name:rj1.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:925 bytes
First seen:2025-02-07 22:06:17 UTC
Last seen:2025-02-08 09:15:45 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 24:UR7IHoNPNRk0NvCYN46pN2N9RVKNwNBAS/L:47IHoNPNRdNvCYN46pN2N9RANwNBzz
TLSH T1FB11C48BB2225BB02CBC447B73B820C4F0D0A25466E79905A6A93DB7118DD94F5A5E73
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://45.152.112.110/5679b4b41e9f0111bd983cbf5ce5cae53bed91ec32be768ef5792c09817e4d2d0 Miraielf mirai ua-wget
http://45.152.112.110/nan7dfaffe377adc81b5339a998b7b980299acdd14cf6353eb30839bcdee611a3ea Miraielf mirai ua-wget
http://45.152.112.110/che356f610117184b98247666e77d5d1dbcb415ce4150b650d85edaed42548235d0 Miraielf mirai ua-wget
http://45.152.112.110/4bee5188c68f9f61be370fc5fc437c5328967a4d3dd861c8f89aa40f73d819cd0 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
154
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67a684c8dbfc8aaee8cd93d4linux22vpnfull_triage
Tags:
medusa mirai agent virus
Result
Verdict:
MALICIOUS
Score:
57%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/615d5f8fdf30be45e5bebf5db387ce50272f113417d8b4003534672a60d044e1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/615d5f8fdf30be45e5bebf5db387ce50272f113417d8b4003534672a60d044e1/
Threat name:
Win32.Trojan.Moobot
Create hunting rule
Status:
Malicious
First seen:
2025-02-07 22:07:15 UTC
File Type:
Text (Shell)
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mfov7d67gc7elzn6x5o3hb6okats6ejuc7mliabvgrtsuygqitqq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai antivm botnet defense_evasion discovery linux
Link:
https://tria.ge/reports/250207-11pqrszqbz/
Behaviour
Reads runtime system information
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads CPU attributes
Enumerates running processes
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
frank.pastebin.blog
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Mirai
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/615d5f8fdf30be45e5bebf5db387ce50272f113417d8b4003534672a60d044e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 615d5f8fdf30be45e5bebf5db387ce50272f113417d8b4003534672a60d044e1

(this sample)

Mirai

elf 679b4b41e9f0111bd983cbf5ce5cae53bed91ec32be768ef5792c09817e4d2d0

  
URLhaus
https://urlhaus.abuse.ch/url/3431304/
  
Delivery method
Distributed via web download
  
Dropping
MD5 5b5a489cf32871ee211beb85abf8d13f
  
Dropping
SHA256 679b4b41e9f0111bd983cbf5ce5cae53bed91ec32be768ef5792c09817e4d2d0

Comments