MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79291ba1e3e7afbf72987743a23ba9fa65c71d502f895f3396cd3c7de293174d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 79291ba1e3e7afbf72987743a23ba9fa65c71d502f895f3396cd3c7de293174d
SHA3-384 hash: 654a95a5a70c1be5a9e00d0bd65429eb3f6dc486a43b082147b89b16b1b5f69e387eee753d9641b93620a95e0c2ead82
SHA1 hash: 23b16a0038c7ee67df3a97f71cab043349f2967d
MD5 hash: 634f86d2c2f1d7d810f49e07d7ea1b9d
humanhash: zebra-berlin-charlie-delaware
File name: w.sh
Signature: Mirai
File size: 1'008 bytes
First seen: 2025-02-02 07:11:40 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:fiVUkxCWEU6NI9kxwAUHySKxWHUryFUmPCUkoeVUo6UYxRI4qKAUVJeUhx7+cAUZ:Kmu56NIqcnKxzDSkU0I1xlPvagMHA
TLSH: T1F01190CE1069D1800D1FCDC3325DC909764C8BE0B8BDAF3DA98EC8F26796A25B145F88
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Score: 94.9%
Tags: downloader backdoor trojan

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: bash lolbin remote

Result
Verdict: MALICIOUS

Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2025-02-02 06:44:51 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
