MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b0bcb90f80a91af7deb8011e67ba1a3d51deffc3802051c422133b5b0281151. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 6b0bcb90f80a91af7deb8011e67ba1a3d51deffc3802051c422133b5b0281151
SHA3-384 hash: da014bf16435a2965499bcc912d26dc6280df2f4388eee265427f0a868980d3490d4dc39fe6d7548fb9a89eabb90087e
SHA1 hash: 7855678b55f9e94ce09d582b56b8c5faed718044
MD5 hash: 67d53c873fb2c5f1e526de4d27b5cc70
humanhash: winter-neptune-wisconsin-eleven
File name: yarn
Signature: Mirai
File size: 2'594 bytes
First seen: 2025-01-25 18:32:26 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vCzIUPCiPzzPC575wsPCn8ByPCIRDlPCX7XwCPCubXPCiPlPCFmoPC5ix+PCoxN/:vKf2dbip4DL2s1XH
TLSH: T1C251829A771743301E66A4E3B9E9186CB3D6B5E6D4CCCED64BC8B4AD844DF0CA1805D2
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: DE

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash lolbin remote

Result
Verdict: MALICIOUS
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-01-25 18:33:03 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
