MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67b12d420ff953bab23ff546efb743cea22b444a2212fb361023512c5b211853. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 67b12d420ff953bab23ff546efb743cea22b444a2212fb361023512c5b211853
SHA3-384 hash: f42c7178e5787e0ff9bd0b8d64351660b6beee07f35b3d99cd852cd9eecfd539566f36f79a34537f4c07dc826d1c8e87
SHA1 hash: 0a46ccd4c128416478d94e80bdee513bc6214bfe
MD5 hash: 8d1c73ed5af74326a7c2549c8150c22c
humanhash: oranges-venus-lion-magazine
File name:n3881.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:564 bytes
First seen:2025-02-26 19:48:57 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:RE8bflQGkEd8Jl7EkKyEXMKEqX3AWezgNIxEnXSHk2+EkX/5:RE8rlQGkEGJl7EkScKEqntezgNIxEniA
TLSH T108F062CC01B33706049CAC63F1F75AE53850928D562B4FCBFC8560388ACE925F975B99
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://46.19.143.10/nabmips71c4c735861f35ed4b7ed9c75b5c4f89bd4c71f2d70f287f5f9d0b113ad5a667 Miraimirai opendir
http://46.19.143.10/nabmpsla693118b9c7edf9051a7d0228c47b4f5d1a2ae06eb5ac3351f89da857c9f55a7 Miraimirai opendir
http://46.19.143.10/nabarm564d5fa08f78803c4f99e2df3e46a9bf65f4006b814e6bcaaac8f502d0f19847 Miraimirai opendir
http://46.19.143.10/nabarm5a698d787649fe2a7dfc49250d92232c9f4b96d15076809f33cf532ca1aa513fc Miraimirai opendir
http://46.19.143.10/nabarm64140f9ab23973bd0e0f658271372d0499e4f8b7598390fe1038da5f4526e7754 Miraimirai opendir
http://46.19.143.10/nabarm7fb531b9c8d62d2e4fefe7e86921942555154d85d70648af680cb71118885ecc3 Miraimirai opendir

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67bf70baa0fd713c335d0d16linux22vpnfull_triage
Tags:
agent hype sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Link:
https://www.filescan.io/uploads/67bf70663e7c969dcac5c0d8/reports/680011bc-6b43-41c8-aa05-00561df1e85e/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/67b12d420ff953bab23ff546efb743cea22b444a2212fb361023512c5b211853
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/67b12d420ff953bab23ff546efb743cea22b444a2212fb361023512c5b211853/
Threat name:
Script.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-02-26 19:49:23 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m6ys2qqp7fj3vmr76vdo7n2dz2rcwrckeijpwnqqenisywzbdbjq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250226-yjrgxsz1dz/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 67b12d420ff953bab23ff546efb743cea22b444a2212fb361023512c5b211853

(this sample)

Mirai

elf 594c6df7cab52e4c92376ab3134b143537d9dc122af5d99824aa6bd6c44af922

  
URLhaus
https://urlhaus.abuse.ch/url/3458399/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3458811/
  
URLhaus
https://urlhaus.abuse.ch/url/3458880/
  
URLhaus
https://urlhaus.abuse.ch/url/3458900/
  
URLhaus
https://urlhaus.abuse.ch/url/3458910/
  
URLhaus
https://urlhaus.abuse.ch/url/3458683/
  
Dropping
MD5 5a993cc5704b89850188af54377e9e03
  
Dropping
SHA256 594c6df7cab52e4c92376ab3134b143537d9dc122af5d99824aa6bd6c44af922

Comments