MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7404b7ba71c622937bf6f31be0747ccf51b6e3f06a5f0503bc88234b421c1ba6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	7404b7ba71c622937bf6f31be0747ccf51b6e3f06a5f0503bc88234b421c1ba6
SHA3-384 hash:	6736d6b7867a71433f042d167e77f4940543ba220a4fcd974f811954d51c2025603b7c7a98d11d640a5b2644c276a022
SHA1 hash:	8d542b7296f56661e93c95e4eaf4cf95a93daa61
MD5 hash:	b4d9976270a3441de7bb1978843b2c66
humanhash:	lithium-fanta-sink-salami
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'123 bytes
First seen:	2025-02-01 18:21:21 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:ixKBHefUbcerBH9ePfRkwBHmUkcjBH93v8RvPYBHa7zPSgqBHVIBHZj6FBH+31qq:9hMN5367x6OI7VIX6yuGTz9
TLSH	T1384166C161904FB2CDE885047597A07D102C89DFEF1E9FD8D8998EE4A2C4BE2B544DCE
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://156.229.232.99/rep.i486	e5812cc27e48cfe31396e42dad2d6ede24fcfdc57c8a0bf3011d5b93d69e26ee	Gafgyt	elf
http://156.229.232.99/rep.x86	40ee0fb5be941b3e77a45b6d91269dd867f15340ed16f2541b2fc69d91b855e7	Mirai	elf mirai
http://156.229.232.99/rep.i686	49bbaae7c442e77e851e382c88fffb3d47a8432b240b926672b87a50af760314	Mirai	elf mirai
http://156.229.232.99/rep.x86_64	2e82e8d271a19c6c2429c420b6a8d5d5c25bebf27e29d82c94ef0e85c9e904fe	Mirai	elf mirai
http://156.229.232.99/rep.mips	04f9e80e39f493c44d7e5b3d22b8e6a6bf9a08f5cabeaad51fa82e7ac73a1b0c	Gafgyt	elf gafgyt
http://156.229.232.99/rep.mpsl	d8d998a41227fe6f36d9c73684fa880b7453121f45865956c8278bbce180c71a	Gafgyt	elf gafgyt
http://156.229.232.99/rep.arm4	2fe8d2419755907475cdab1c251a5e3eecc035b6b3b5a91f4b75e56c67ffee1f	Mirai	elf mirai
http://156.229.232.99/rep.arm5	d6acfa3d75837e01da10d98fe7426cb89c5f84777e25feb9caa69b71463de3f3	Mirai	elf mirai
http://156.229.232.99/rep.arm6	52fe6146f8659b891e501332198dc5ec9b814f74ca2660403b6dc3371548e7ec	Mirai	elf mirai
http://156.229.232.99/rep.arm7	6ae92555f8f228ef49e201a9d0dccecb518d3afcf513389a48237aff088e0003	Mirai	elf mirai
http://156.229.232.99/rep.ppc	96ad6fe152b3c1d9b6f98e829a78bab96e68a05467bfc00f7975f9c870cf34e1	Gafgyt	elf gafgyt
http://156.229.232.99/rep.spc	7247191c10aedc150f1a1b5d38bc2c4a6c71660249a76a24ff38544c211aad4f	Gafgyt	elf gafgyt
http://156.229.232.99/rep.m68k	1e7f027aa483de8184b722732f070b41cae0382ce551580727251e502e7457ea	Gafgyt	elf gafgyt
http://156.229.232.99/rep.sh4	a6b5bb5fe2271429a812ace0fe26fe00b0b88b4e8aab3410b3ce4ec8e7ca3717	Gafgyt	elf gafgyt
http://156.229.232.99/rep.arc	e3a3d61079ca8cefddcf5904c11b01752b5617b95fa14bc1045b420d94e9fce2	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

102

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=679e663b416a81ccc3c4e9b8linux22vpnfull_triage

Tags:

phishing spam

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox evasive expand lolbin remote

Link:

https://www.filescan.io/uploads/679e662b5dee189200750b32/reports/aa952b3c-56c0-4be9-a6c3-17e63ad2f655/overview

Result

Verdict:

UNKNOWN

Score:

79%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/7404b7ba71c622937bf6f31be0747ccf51b6e3f06a5f0503bc88234b421c1ba6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7404b7ba71c622937bf6f31be0747ccf51b6e3f06a5f0503bc88234b421c1ba6/

Threat name:

Win32.Trojan.Vigorf

Status:

Malicious

First seen:

2025-02-01 18:21:40 UTC

File Type:

Text (Shell)

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oqclpotryyrjg67w6mn6a5d4z5i3ny7qnjpqka54raruwqq4dota._file

Result

Malware family:

n/a

Score:

7/10

Tags:

defense_evasion discovery linux

Link:

https://tria.ge/reports/250201-wznd4avjew/

Behaviour

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

File and Directory Permissions Modification

Renames itself

Unexpected DNS network traffic destination

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/7404b7ba71c622937bf6f31be0747ccf51b6e3f06a5f0503bc88234b421c1ba6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 7404b7ba71c622937bf6f31be0747ccf51b6e3f06a5f0503bc88234b421c1ba6

(this sample)

Mirai

elf 40ee0fb5be941b3e77a45b6d91269dd867f15340ed16f2541b2fc69d91b855e7

URLhaus

https://urlhaus.abuse.ch/url/3379697/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3379683/

Dropping

MD5 91c9e744178c7dcc4a78b805895ab3a1

Dropping

SHA256 40ee0fb5be941b3e77a45b6d91269dd867f15340ed16f2541b2fc69d91b855e7

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample