MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e4dab69b55c65fd4b8d5b853cf28d5762d527a1e3264f4bac111eff3ff3d394. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e4dab69b55c65fd4b8d5b853cf28d5762d527a1e3264f4bac111eff3ff3d394
SHA3-384 hash: a470380e4bce6ef38d1251aff937609cf26e01f278723a3f5f7f5a00d4d01ed0013f0d7cda9e41bff41293a2ecc632fe
SHA1 hash: b4b7ccf14ce1adc46530514569d1bc0bd5cff7b2
MD5 hash: a96ca467e2386072abf9733428ea956d
humanhash: mockingbird-aspen-virginia-sweet
File name:l
Download: download sample
Signature Mirai
Create hunting rule
File size:912 bytes
First seen:2025-02-25 17:17:56 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:ghYbx2zgo2XqqfjGr+iTONI7EuKKct+JKph:ayZoOTfjO+iTXEubzJKL
TLSH T1AB11EBCF94141B020959EECEF26284BDA113E59E91CFCFD4AF9D283D8C9C614B018708
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://193.143.1.123/mips69955124ad9ed026da5d2595b5ede417fc62713e26146f29e9e0e34573bfcbbe Miraielf mirai ua-wget
http://193.143.1.123/mpsle6d98df7336a2a420ae36cb76a6638a3278eda71a81c4909afc18d2f91ada3b8 Miraielf mirai ua-wget
http://193.143.1.123/x860a621699bcc4da7e8c64dcbdc092ecd135fbdcc15031f39cad595e2f9848c690 Miraielf mirai ua-wget
http://193.143.1.123/armb23b2497626e7817cb706bb46a37e7e7842a7f41196f5177ad75680ecbd8d441 Miraielf mirai ua-wget
http://193.143.1.123/arm5337ba0b5d40387f0e2dc8526e12771822621bd4dd5d16bfe3eaf7c4b842d1fc4 Miraielf mirai ua-wget
http://193.143.1.123/arm6a581f32dddb28b1b55fddf2d2195878e48a0d0000e9960743e2bc8cb1196967a Miraielf mirai ua-wget
http://193.143.1.123/arm7e95fa992e91a105c639ed19bc3c56516ba0f51be21cb3ec93e6fe19af434085e Miraielf mirai ua-wget
http://193.143.1.123/sh4994da7aae723ce6f30247b4004f28e23a5307ab7869b84d49c593c0a5447c2bf Miraielf gafgyt mirai ua-wget
http://193.143.1.123/ppcc7ef0f79aacfa98e4e9630c7f04be4a8847aab5ef41a38fb242e35b7876cc8d1 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67bdfc10a0fd713c335cbe9flinux22vpnfull_triage
Tags:
phishing trojan agent overt
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Link:
https://www.filescan.io/uploads/67bdfb643afc3763bec63024/reports/b9fdabe8-7b35-4b78-be3c-d37c91c9a820/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/6e4dab69b55c65fd4b8d5b853cf28d5762d527a1e3264f4bac111eff3ff3d394
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e4dab69b55c65fd4b8d5b853cf28d5762d527a1e3264f4bac111eff3ff3d394/
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-02-25 17:20:08 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nzg2w2nvlrs72s4nloctz4unk5rnkj5b4mte6s5mcepp6p7t2oka._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250225-vwjfasynt2/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6e4dab69b55c65fd4b8d5b853cf28d5762d527a1e3264f4bac111eff3ff3d394

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6e4dab69b55c65fd4b8d5b853cf28d5762d527a1e3264f4bac111eff3ff3d394

(this sample)

Mirai

elf 69955124ad9ed026da5d2595b5ede417fc62713e26146f29e9e0e34573bfcbbe

  
URLhaus
https://urlhaus.abuse.ch/url/3452159/
  
Delivery method
Distributed via web download
  
Dropping
MD5 d2c3a7599927c96d66b88043b7966144
  
Dropping
SHA256 69955124ad9ed026da5d2595b5ede417fc62713e26146f29e9e0e34573bfcbbe

Comments