MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 631f7d7c73812a4329667cad2570557edf36831a497ceb2d0a760ae61e467eff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 631f7d7c73812a4329667cad2570557edf36831a497ceb2d0a760ae61e467eff
SHA3-384 hash: 3055353783bf745c96603b00fd7fe90767a0bb9612672574dfa95c131bed04c62c35b45837f2a879f329f325221d9b57
SHA1 hash: a8030a2926c284f94f01822a8510195e77a7e140
MD5 hash: 833a72a93b1f935025d4b34056ed4c4e
humanhash: undress-timing-march-floor
File name: bins.sh
Signature: Mirai
File size: 533 bytes
First seen: 2025-02-25 18:32:53 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:lOnFflE0FZgQnQX1/i/gQnQX1/ovyCxSgd9QTz9o7CgnHJ9Q4xCTusC9QBm7CeI8:v0F+7XQ47XHCz77D7p9oi
TLSH: T1A3F0A484313DD0A4595758C1BA134491F288C47025962DE1ABFFD5D3C84E985BA1FDDD
Magika: shell
Reporter: abuse_ch
Tags: sh

URL: http://107.189.31.150/GuruITDDoS3.sh
Malware sample (SHA256 hash): ae9bc27d53679248d34adfc5e9e601c1f2fe23b7968fa6a29324a8dfbaa3a746
Signature: Mirai
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: downloader trojan agent
Result
Verdict: UNKNOWN
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-02-25 18:33:11 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
