MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6314ca42a70b63f5b758e01ad226478db1e61267f4e26a237b50e68f011fc84f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 6314ca42a70b63f5b758e01ad226478db1e61267f4e26a237b50e68f011fc84f
SHA3-384 hash: e5cd65c53e933a369aa09b3f5633bd0d198d202965ad63a1c9f074e9b6b761b4826a3c17fcc559d05e6a1886e035105a
SHA1 hash: 364a52cdd9ca013554629ff28ecf31f4d2f51873
MD5 hash: ed7329964f0d6ac3dd5d321737ba2e6f
humanhash: sierra-comet-louisiana-tennessee
File name: wget.sh
Signature: Mirai
File size: 898 bytes
First seen: 2025-01-24 21:36:39 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:8MbiV+xMoxCWE+xMWNI9kxwA+xM7ySKxWH+xMXyF+xMaPC+xMgoeV+xM86+xM8xT:rWVKcWNIqLzKx2qdgjvk1xoTyuv4xv
TLSH: T1C611CE9E121491C41119CDC332ADCD04B357ABD9B5BCDB35FC840833419A762B849F9B
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 176
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash lolbin remote

Result
Verdict: UNKNOWN
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2025-01-24 21:37:07 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 6314ca42a70b63f5b758e01ad226478db1e61267f4e26a237b50e68f011fc84f (this sample)

Delivery method: Distributed via web download
