MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cb84fe020d80de04d1ce6fce28e14d2545ba11924d32ffb19d3595a3e1dc357. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	6cb84fe020d80de04d1ce6fce28e14d2545ba11924d32ffb19d3595a3e1dc357
SHA3-384 hash:	9978943b69ddcf9a1eee38a7eac0072ac954578e4280b52cc4cac629e0b4b21c1fa4213afbf9efb7b6afccaccadd883c
SHA1 hash:	94c65529b644a4e8fa59747d82196ee7f049262a
MD5 hash:	805a8e1e4d36789a6824774224ffead9
humanhash:	jupiter-triple-mountain-low
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'120 bytes
First seen:	2025-01-15 14:47:06 UTC
Last seen:	2025-01-15 19:11:24 UTC
File type:	sh
MIME type:	text/plain
ssdeep	24:op77HtNI7akgJfKEr+gPJtdFIoTf5xrH5YlgJtdmgMg8:op77HYa5JfFfPNFIoTfnrZ1Nmgx8
TLSH	T1B821E2CDA1A152818A09EE2C787BDF84A422D1C26664EE1E5CCC487EC8DBD22F125F4C
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://178.215.238.129/arm4	ef3f31f9e7e7d8b0b3eddb701a63f1075e772764f91781fb1e69ba9ef93489ed	Mirai	elf mirai
http://178.215.238.129/arm5	ed7382c3202bca5f149c0143154468f62cd4b98b43254981f52d7f25a32d563b	Mirai	elf mirai
http://178.215.238.129/arm6	07236e6f9901d8504e7c50885618a5b7cf104d674fe4b6d24dae5a58b73cc5f6	Mirai	elf mirai
http://178.215.238.129/arm7	0f56a6319846ed3662df067c0f6f36c40fc43bb2a86c6c453ba0fe14f745c13b	Mirai	elf mirai
http://178.215.238.129/x86	9bab1dfbc9ea17f57907d97e1b71153bd3aa545c879261ad9ff3045ac89eba40	Mirai	32-bit elf mirai
http://178.215.238.129/x86_64	04112cfea5c0f9bfcebbb0de9b42645b81de8bef4028bfd315d43b3daee49674	Mirai	elf mirai
http://178.215.238.129/sh4	3fad743eac115ff080cf2128b21c0e328fb9b0b3c8846bbf7499c8258b33eb53	Mirai	elf mirai
http://178.215.238.129/m68k	11669a09de13fec7b6f53de66a6eaebe5c9cc59f1ce190ad833cbf76db56ea5f	Mirai	elf mirai
http://178.215.238.129/arc	974bf4c34e8b94e326d2cbecda34b3452735175d0fadbeea68f56c466a84a02b	Mirai	elf mirai
http://178.215.238.129/mips	f9c5e574d35f48e82410328b903213e6e28c582261138859f7423d800eef730f	Mirai	32-bit elf mirai
http://178.215.238.129/mpsl	6d21dc5b432ec8a2868033ebed0a735a73aceb4cab1ddd52b286cb96d81e5f9e	Mirai	elf mirai
http://178.215.238.129/ppc	cfaa63c957265f0012c4dbed4691798157b854bac76decc01b18af0e7e4685b5	Mirai	elf mirai
http://178.215.238.129/spc	8fa620559fba7905746e020803d78664c712a90a759b1482b2b61ab840f3cf3d	Mirai	elf mirai
http://178.215.238.129/i586	n/a	n/a	n/a
http://178.215.238.129/i686	70f31f6043f2c7e25c5cb100aeae3318bc8e2db86efd9b2bddd81d1607aa5a70	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6787caa64487910100df4c2blinux22vpnfull_triage

Tags:

gafgyt mirai ddos

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/6787caa9da9e4ac5339161ae/reports/faacd57c-f30a-4190-80de-5ecc134da027/overview

Result

Verdict:

MALICIOUS

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/6cb84fe020d80de04d1ce6fce28e14d2545ba11924d32ffb19d3595a3e1dc357

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6cb84fe020d80de04d1ce6fce28e14d2545ba11924d32ffb19d3595a3e1dc357/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2025-01-15 14:48:08 UTC

File Type:

Text (Shell)

AV detection:

20 of 38 (52.63%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ns4e7yba3ag6ati4436ofdqu2jkfxiizetjs76yz2nmvupq5ynlq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250115-r6ey3swjas/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6cb84fe020d80de04d1ce6fce28e14d2545ba11924d32ffb19d3595a3e1dc357

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6cb84fe020d80de04d1ce6fce28e14d2545ba11924d32ffb19d3595a3e1dc357

(this sample)

Mirai

elf ef3f31f9e7e7d8b0b3eddb701a63f1075e772764f91781fb1e69ba9ef93489ed

URLhaus

https://urlhaus.abuse.ch/url/3401671/

Delivery method

Distributed via web download

Dropping

MD5 37c785a28205364051fd60f400cdeef5

Dropping

SHA256 ef3f31f9e7e7d8b0b3eddb701a63f1075e772764f91781fb1e69ba9ef93489ed

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample