MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 712f6ecf11a72a6182061c1ec7e778b80a6c433d19f817a22f88bae7839d7cb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	712f6ecf11a72a6182061c1ec7e778b80a6c433d19f817a22f88bae7839d7cb7
SHA3-384 hash:	29b7dededb678914e85a7d96cb39ad45964be3cb6a540f55c918321c0decbfbabc1f4bd231b5a1e4479fc9d0ebd5c395
SHA1 hash:	24f3330801859ec3aa3117fd61256da1a296766f
MD5 hash:	8d1c7910b1a5099576ff43b0ea34c6be
humanhash:	alanine-iowa-four-dakota
File name:	weed
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'621 bytes
First seen:	2024-12-22 16:46:05 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	96:1xWWRaIL+McXoZXt566dmEz+ggDkdXPHS9rxXLBGUq/gJfu1tVIv2fTFv:+W/Xt5668Ez+jQdXPyHXLBGUq/gJfu1b
TLSH	T1199125D8B9725B720C95DF1BF3298967A043E18514A0CF9C6EAD31FCA8BEC94E11458F
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://195.133.10.39/mips	fbdbd0392519e49a09e647d8c83046fb15d6dcbb8246ee2f813d10018ba8ac3d	Mirai	ddos elf mirai
http://195.133.10.39/mpsl	2bdb887d626677df60ad486eadf067ee85e0c1c424c63060fb723125d4d06968	Mirai	ddos elf mirai
http://195.133.10.39/x86	3c0eb5de2946c558159a6b6a656d463febee037c17a1f605330e601cfcd39615	Mirai	ddos elf mirai
http://195.133.10.39/arm4	c2f5e2a887802ae5f00a40032f50887529abeb9dc85ea47c0782a424bd9a3927	Mirai	ddos elf mirai
http://195.133.10.39/arm5	c766b7b8886480ece1fbda3f14ed803a54b14ac6be2e81d7864c74673b03116d	Mirai	ddos elf mirai
http://195.133.10.39/arm6	08b81e4c2eb113d6d20c6d17a41d3186bc5d5fdefeb84a4189bbb938e9154768	Mirai	ddos elf mirai
http://195.133.10.39/arm7	2a295126cb98cd6cd45762c11b2f99cd80bdcb6992be63ad6d293ad21f412415	Mirai	ddos elf mirai

Intelligence

File Origin

# of uploads :

1

# of downloads :

144

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6769006a8a4d48ee35fe628blinux22vpnfull_triage

Tags:

mirai

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/712f6ecf11a72a6182061c1ec7e778b80a6c433d19f817a22f88bae7839d7cb7

Result

Verdict:

MALICIOUS

Score:

32%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/712f6ecf11a72a6182061c1ec7e778b80a6c433d19f817a22f88bae7839d7cb7

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/712f6ecf11a72a6182061c1ec7e778b80a6c433d19f817a22f88bae7839d7cb7/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2024-12-22 17:01:17 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oexw5tyru4vgdaqgdqpmpz3yxafgyqz5dh4bpirprc5opa45ps3q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/712f6ecf11a72a6182061c1ec7e778b80a6c433d19f817a22f88bae7839d7cb7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 712f6ecf11a72a6182061c1ec7e778b80a6c433d19f817a22f88bae7839d7cb7

(this sample)

elf fbdbd0392519e49a09e647d8c83046fb15d6dcbb8246ee2f813d10018ba8ac3d

URLhaus

https://urlhaus.abuse.ch/url/3372721/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3372722/

URLhaus

https://urlhaus.abuse.ch/url/3372739/

URLhaus

https://urlhaus.abuse.ch/url/3372746/

URLhaus

https://urlhaus.abuse.ch/url/3372760/

URLhaus

https://urlhaus.abuse.ch/url/3372737/

URLhaus

https://urlhaus.abuse.ch/url/3372730/

URLhaus

https://urlhaus.abuse.ch/url/3372755/

URLhaus

https://urlhaus.abuse.ch/url/3372740/

URLhaus

https://urlhaus.abuse.ch/url/3372762/

URLhaus

https://urlhaus.abuse.ch/url/3372742/

URLhaus

https://urlhaus.abuse.ch/url/3372748/

URLhaus

https://urlhaus.abuse.ch/url/3372751/

URLhaus

https://urlhaus.abuse.ch/url/3372745/

URLhaus

https://urlhaus.abuse.ch/url/3372735/

URLhaus

https://urlhaus.abuse.ch/url/3372759/

URLhaus

https://urlhaus.abuse.ch/url/3372729/

URLhaus

https://urlhaus.abuse.ch/url/3372736/

URLhaus

https://urlhaus.abuse.ch/url/3372749/

URLhaus

https://urlhaus.abuse.ch/url/3372752/

URLhaus

https://urlhaus.abuse.ch/url/3372743/

URLhaus

https://urlhaus.abuse.ch/url/3372754/

URLhaus

https://urlhaus.abuse.ch/url/3372738/

URLhaus

https://urlhaus.abuse.ch/url/3372741/

URLhaus

https://urlhaus.abuse.ch/url/3372744/

URLhaus

https://urlhaus.abuse.ch/url/3372732/

URLhaus

https://urlhaus.abuse.ch/url/3372756/

URLhaus

https://urlhaus.abuse.ch/url/3372763/

URLhaus

https://urlhaus.abuse.ch/url/3372764/

URLhaus

https://urlhaus.abuse.ch/url/3372765/

URLhaus

https://urlhaus.abuse.ch/url/3372767/

URLhaus

https://urlhaus.abuse.ch/url/3372770/

URLhaus

https://urlhaus.abuse.ch/url/3372771/

URLhaus

https://urlhaus.abuse.ch/url/3372772/

URLhaus

https://urlhaus.abuse.ch/url/3372773/

URLhaus

https://urlhaus.abuse.ch/url/3372783/

URLhaus

https://urlhaus.abuse.ch/url/3372782/

URLhaus

https://urlhaus.abuse.ch/url/3372784/

URLhaus

https://urlhaus.abuse.ch/url/3372785/

URLhaus

https://urlhaus.abuse.ch/url/3372788/

URLhaus

https://urlhaus.abuse.ch/url/3372787/

URLhaus

https://urlhaus.abuse.ch/url/3372789/

URLhaus

https://urlhaus.abuse.ch/url/3372792/

URLhaus

https://urlhaus.abuse.ch/url/3372793/

URLhaus

https://urlhaus.abuse.ch/url/3372797/

URLhaus

https://urlhaus.abuse.ch/url/3372796/

URLhaus

https://urlhaus.abuse.ch/url/3372795/

URLhaus

https://urlhaus.abuse.ch/url/3372800/

URLhaus

https://urlhaus.abuse.ch/url/3372798/

URLhaus

https://urlhaus.abuse.ch/url/3372805/

URLhaus

https://urlhaus.abuse.ch/url/3372809/

URLhaus

https://urlhaus.abuse.ch/url/3372804/

URLhaus

https://urlhaus.abuse.ch/url/3372810/

URLhaus

https://urlhaus.abuse.ch/url/3372806/

URLhaus

https://urlhaus.abuse.ch/url/3372812/

URLhaus

https://urlhaus.abuse.ch/url/3372813/

URLhaus

https://urlhaus.abuse.ch/url/3372815/

URLhaus

https://urlhaus.abuse.ch/url/3372818/

URLhaus

https://urlhaus.abuse.ch/url/3372817/

URLhaus

https://urlhaus.abuse.ch/url/3372820/

URLhaus

https://urlhaus.abuse.ch/url/3372821/

URLhaus

https://urlhaus.abuse.ch/url/3372822/

URLhaus

https://urlhaus.abuse.ch/url/3372823/

URLhaus

https://urlhaus.abuse.ch/url/3372824/

URLhaus

https://urlhaus.abuse.ch/url/3372827/

URLhaus

https://urlhaus.abuse.ch/url/3372828/

URLhaus

https://urlhaus.abuse.ch/url/3372830/

URLhaus

https://urlhaus.abuse.ch/url/3372829/

URLhaus

https://urlhaus.abuse.ch/url/3372831/

URLhaus

https://urlhaus.abuse.ch/url/3372832/

Dropping

MD5 559f129d380ad1cfb60792c6b2dc3d32

Dropping

SHA256 fbdbd0392519e49a09e647d8c83046fb15d6dcbb8246ee2f813d10018ba8ac3d

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample