MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7185b11e03083282e3808d50e8a2ab13d3a1d3dbf722334367390be28ea60180. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	7185b11e03083282e3808d50e8a2ab13d3a1d3dbf722334367390be28ea60180
SHA3-384 hash:	9e3759779e96fefd688e24032f03ea57fbb73c608c168e39cba339345596505eb066fc33e50a089435685a000db3fefd
SHA1 hash:	9523dc6f38d4b65af39e3196b481b9209d1f0297
MD5 hash:	1e3b9f128929a0e3a266cdc81b8e0d04
humanhash:	timing-four-three-california
File name:	curl.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	613 bytes
First seen:	2025-02-16 03:06:56 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:3J3fjdkvpfT1FhfLaA3LK0GGfLaA3LK0GGfDXgSfzoYOf7p:3J3f0FxLLK0GoLK0GoDXgkUPt
TLSH	T15FF0A7BB0C966BF71158CDAEB183930DD04B149F683F4B0CE73805AC41666257D48751
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://185.142.53.41/tarm	n/a	n/a	n/a
http://185.142.53.41/tarm5	79076da109a2b9fbd073e16c09228a32be81a133455576bd58f641670de5a433	Mirai	elf mirai ua-wget
http://185.142.53.41/tarm7	n/a	n/a	n/a
http://185.142.53.41/tmips	01f02c63d1668e5cc0946d9aaba4dffb35a5c4e4f1fa3f7d745746e52892ab3d	Mirai	elf mirai ua-wget
http://185.142.53.41/tmpsl	d82fefa7c75004dbcbbfdb49bbbf2d47d70f13ea6df326dbacd3ec7bcd52323c	Mirai	elf mirai ua-wget
http://185.142.53.41/tsh4	564c243b1f553f14bc3b7bb40299a554e40d02eaedd7c7f17da7259221685fb7	Gafgyt	elf gafgyt ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

103

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67b1579aa0fd713c335b14b3linux22vpnfull_triage

Tags:

mirai agent virus hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/67b156680f344d3bea9ba2fc/reports/14b532b1-5b71-46a1-bdd0-5b6852e80e1e/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/7185b11e03083282e3808d50e8a2ab13d3a1d3dbf722334367390be28ea60180

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7185b11e03083282e3808d50e8a2ab13d3a1d3dbf722334367390be28ea60180/

Threat name:

Script-Shell.Downloader.Heuristic

Status:

Malicious

First seen:

2025-02-16 03:07:14 UTC

File Type:

Text

AV detection:

4 of 37 (10.81%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ogc3chqdbazify4arviorivlcpj2du6364rdgq3hhef6fdvgagaa._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery

Link:

https://tria.ge/reports/250216-dmdp1sypej/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7185b11e03083282e3808d50e8a2ab13d3a1d3dbf722334367390be28ea60180

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.