MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ac86065168ce8d9b1db47b2d196860c807fb0b78c1245d7bc0598e7a026455c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	6ac86065168ce8d9b1db47b2d196860c807fb0b78c1245d7bc0598e7a026455c
SHA3-384 hash:	bb34eef88cd15a5f030f21e0cfafa0d4d30c987af7e425bddb82c6e89f7c73a36da21b3996706b730b6a39bb87b82a80
SHA1 hash:	6cfb53f7269a3427cea70599d729ce6dad39a950
MD5 hash:	2c30926c2165f95e37ec4cc2cce16984
humanhash:	aspen-gee-white-happy
File name:	ztest
Download:	download sample
Signature	Mirai Create hunting rule
File size:	680 bytes
First seen:	2025-02-10 16:41:23 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:ua8VOnzOKyj7Zgqy+CFq27TOqKyzuzqUlHD8r6MiISGGoy9n:uzA7G78+CX74GuTljmiLG3y9n
TLSH	T1810121FF832366814EBA8E2E739389445455E3D9B46EE399FD460B3996C09417014F8B
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.202.35.91/x86	3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615	Mirai	elf mirai
http://45.202.35.91/mips	fbdbd0392519e49a09e647d8c83046fb15d6dcbb8246ee2f813d10018ba8ac3d	Mirai	elf mirai
http://45.202.35.91/mpsl	b1e8713db49c15b272baa11e5569ecb4f22fd6064f5aa59ed236d0af58f159a1	Mirai	elf mirai
http://45.202.35.91/arm	36b5ad3793ba15e920ea49a43467610bfce85149afc12af166a56bb2011a9165	Mirai	elf mirai
http://45.202.35.91/arm5	9a7e77eff17b6bab95e53989adca31512823cf0c92a342a1b7e2ca445d9bb560	Mirai	elf mirai
http://45.202.35.91/arm6	7f089801a37f1d9a83a5103c8f9b1c6fc00f9ce699cb812cc23704aea8d46c8c	Mirai	elf mirai
http://45.202.35.91/arm7	1b0846e58fbb6a0e72d25edb81ec94961c0c7048a4e6f26876660f5a26675c77	Mirai	elf mirai
http://45.202.35.91/ppc	4e114c1111ecdaf0a7622a347c025cd3f9584be170b129113d836a2a5a7c169f	Mirai	elf mirai
http://45.202.35.91/m68k	14dbc2a4fb0c401f55a23af4b5e1963d51b93e8c16d1c9bdb176714e1c0ffa63	Mirai	elf mirai
http://45.202.35.91/sh4	fdd3b64ea312687b106ed54542d165ea3115850f0336b9d2f068c8ecdad00348	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

94.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67aa4260f667f46cd182ddd6linux22vpnfull_triage

Tags:

mirai agent virus shell

Verdict:

Malicious

Labled as:

Downloader/Shell.Generic

Link:

https://www.hybrid-analysis.com/sample/6ac86065168ce8d9b1db47b2d196860c807fb0b78c1245d7bc0598e7a026455c

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/6ac86065168ce8d9b1db47b2d196860c807fb0b78c1245d7bc0598e7a026455c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6ac86065168ce8d9b1db47b2d196860c807fb0b78c1245d7bc0598e7a026455c/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-02-10 17:29:34 UTC

File Type:

Text (Shell)

AV detection:

9 of 24 (37.50%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nlegaziwrtuntmo3i6zndfugbsah7mfxrqjelv54awmopibgivoa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250210-wv2qxs1nes/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6ac86065168ce8d9b1db47b2d196860c807fb0b78c1245d7bc0598e7a026455c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6ac86065168ce8d9b1db47b2d196860c807fb0b78c1245d7bc0598e7a026455c

(this sample)

Mirai

elf 3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615

URLhaus

https://urlhaus.abuse.ch/url/3434973/

Delivery method

Distributed via web download

Dropping

MD5 bb9275394716c60d1941432c7085ca13

Dropping

SHA256 3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample