MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7308d85aa1acfcb9800f78200674f8b5497d3838d5170ac5e3717118f1634984. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 7308d85aa1acfcb9800f78200674f8b5497d3838d5170ac5e3717118f1634984
SHA3-384 hash: 70bcefcab956be7f4f20bde6014c4f06a76f5331d219e824d8fb53615b95df5c3589e41028d38f68ec27432cb45c7c08
SHA1 hash: db8735837258b7e78e64163cea557f5eb43c2d94
MD5 hash: 41de0463e22eabb06861aaf3b28a5e50
humanhash: pluto-uranus-echo-one
File name: hidden.sh
Signature: Mirai
File size: 2'575 bytes
First seen: 2025-01-25 15:21:47 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vCzITCiPz13C575wtCn8B5LCIRD1CX7Xw8sCubpCiPFCFmRC5ixbCox9C5UTcaCb:vj52dCnx5F7ZbVKa0
TLSH: T14C51939A371743302E66F4E3B9E90858B3D6E4E6D4CC9ED687D878AD844DF0CA0C09D2
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: DE
Vendor Threat Intelligence
Gathering data
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: bash lolbin remote
Result
Verdict: MALICIOUS
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-01-25 15:22:04 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 7308d85aa1acfcb9800f78200674f8b5497d3838d5170ac5e3717118f1634984

(this sample)

Delivery method: Distributed via web download
