MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73e0e33fe8b95f30fb70d6dff19636966facb01b15bfd8dc267d065f49975d90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 73e0e33fe8b95f30fb70d6dff19636966facb01b15bfd8dc267d065f49975d90
SHA3-384 hash: 05b6bb76f3c5f796c66fef110dd2fa721f594ca22dacde84261c1d4923ca94d20acc606291681d833990e52dfb27243b
SHA1 hash: 1f60d8ee572ced153d315f7c031b123fbd90632b
MD5 hash: ea64a9e885ad98de952708ecb41d7c52
humanhash: kilo-finch-single-bakerloo
File name: s
Signature: Mirai
File size: 860 bytes
First seen: 2025-01-03 22:11:37 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3rWKIw+u5ZMoOF7+MB05rJ05JfDNkwjJWyT5JWygDNkw3GKwKx6iGKwKx6ArTvn:yRk5zOt+MB0JJYJZkwjJBJ2kwf/Hrjn
TLSH: T1881125CE11E4CDF178D048EE73620515B9CBC4CD45CB4E84608B22B9E88CD0DFA22EA6
Magika: txt
Reporter: abuse_ch
Tags: gafgyt mirai sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://94.156.227.135/ss/armv4l | 5c33d55d1c67e3d6475754ce42b1a448eb5284046b77cde3bdf3f1656d745dac | Mirai | elf mirai ua-wget
http://94.156.227.135/ss/armv7l | cc022c57fe74fbb9cc58ea57a4e1debe70fbc5f589b4f2f1987f36989eb4cc85 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 93.3%
Tags: gafgyt agent hype sage

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug lolbin remote

Result
Verdict: UNKNOWN
Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2025-01-03 23:02:32 UTC
File Type: Text (Shell)
AV detection: 5 of 23 (21.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Sample: sh 73e0e33fe8b95f30fb70d6dff19636966facb01b15bfd8dc267d065f49975d90 (this sample), signature Mirai
