MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7435ac59dbb383363405841b0fe14d2c96b23afbc9489ee12d88a26b00ca6f37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	7435ac59dbb383363405841b0fe14d2c96b23afbc9489ee12d88a26b00ca6f37
SHA3-384 hash:	23a14d9e1c656cccbe6c98fd3617086eb277be30ddc207b673ff44e64cf7ece89e35bb5cd281a3df4e5beb2082203311
SHA1 hash:	c656ceff87b485e1b180422dae411760d6159b60
MD5 hash:	3f37c53695df632a6120098abf3d9211
humanhash:	jersey-carolina-bulldog-zebra
File name:	o.xml
Download:	download sample
Signature	Mirai Create hunting rule
File size:	709 bytes
First seen:	2025-06-18 05:22:21 UTC
Last seen:	2025-06-23 22:37:22 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:FH8ioNJAC7ukxGWi2jU30+0K5+A+fXFVml0lezJkIySTtZhG+E6:FH8j/wWi2jzTVE0wJkgTr
TLSH	T10301F44CA2A8DE600EBCC95AF3B55049E6905047A5F95BD1F38E0A276F60C8E395332D
Magika	xml
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://160.30.44.120/dwrioej/neon.i586	c5794991f1ceca147265864150f2a8c245ec60ab0462abc0cf2d00543b74b3b8	Mirai	elf mirai opendir ua-wget

Intelligence

File Origin

# of uploads :

2

# of downloads :

51

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan-Downloader.Linux.Sh.16872.1053.UNOFFICIAL

Gathering data

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/7435ac59dbb383363405841b0fe14d2c96b23afbc9489ee12d88a26b00ca6f37

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/1b10f045-59e8-4a6b-a593-26affdb0b912

Behavior Graph:

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/7435ac59dbb383363405841b0fe14d2c96b23afbc9489ee12d88a26b00ca6f37

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7435ac59dbb383363405841b0fe14d2c96b23afbc9489ee12d88a26b00ca6f37/

Threat name:

Script-JS.Trojan.Heuristic

Status:

Malicious

First seen:

2025-06-17 02:58:59 UTC

File Type:

Text

AV detection:

5 of 38 (13.16%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oq22ywo3wobtmnafqqnq7yknfslleox3zfej5yjnrcrgwagkn43q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250618-hxx9maam61/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/7435ac59dbb383363405841b0fe14d2c96b23afbc9489ee12d88a26b00ca6f37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 7435ac59dbb383363405841b0fe14d2c96b23afbc9489ee12d88a26b00ca6f37

(this sample)

elf 2877a98a36f77d67b72b8202b855e00e441e3370304b45cb41038669d6153a68

URLhaus

https://urlhaus.abuse.ch/url/3563193/

Delivery method

Distributed via web download

Dropping

MD5 c0808cc74280bbdb3c00ba19a2a020e0

Dropping

SHA256 2877a98a36f77d67b72b8202b855e00e441e3370304b45cb41038669d6153a68

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample