MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6df1be9f15806095369208c678be5dbd04a76c43bc92bb30c6dd04e827d93d22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 6df1be9f15806095369208c678be5dbd04a76c43bc92bb30c6dd04e827d93d22
SHA3-384 hash: 39bafade7db8e358749ef6ad38c7d053be226e1bbbffa309128c84a8f638d3c44075acc926997515121820957c162ddc
SHA1 hash: 7deedcdf2d791cc0652157914af0069771635c3d
MD5 hash: 2763b1deae2bb02a961af64cb5ef97c6
humanhash: texas-four-cold-black
File name: lkjlkjljljljlaasdlasd.sh
Signature: Mirai
File size: 1'346 bytes
First seen: 2024-12-25 15:11:02 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:MBfJj7pArrNIOtRK9II88rG3sl+ndPdotmlBNv:qxjFMBRrI1rG3qCdVCi9
TLSH: T14821E5C52319DE8563EF8FAB2661C948F110C6B76C6FDBAC8C4D8C6D6691304B06BE58
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.2%
Tags: mirai agent hype sage
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug evasive lolbin remote
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2024-12-25 15:12:04 UTC
File Type: Text (Shell)
AV detection: 12 of 23 (52.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
