MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b1a8b3b6ed3b2b39a2501d0ccbfbcecca3b1ee3b61e16c0300ca0b56c48e88f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 7b1a8b3b6ed3b2b39a2501d0ccbfbcecca3b1ee3b61e16c0300ca0b56c48e88f
SHA3-384 hash: 3fa785ce4452e8a4b0c9d440674150d0956695aa6ef54abfd82b4d3cebaff480312e31b97597a12928e589a290e6632c
SHA1 hash: af235795f99199ca6e48e7eb5784670231940e38
MD5 hash: 6933acc31ba2f5051819ddacbe2d5168
humanhash: july-fourteen-king-jig
File name: wget.sh
Signature: Mirai
File size: 934 bytes
First seen: 2025-02-16 10:41:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:OIEMeByIEMyPIEMONIIqIEMkKSJIEMoAIEMUl9zIEMo9wIEMG/IEM+T/IEM6CIEa:OIYByI8PIuqICxJISAIo9zIu9wIQ/IIp
TLSH: T11011188D0755D63D2CE4CD0C30EE4A08AB7AA3C670754BA9ED54086354A65687C7FF4F
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: shellcode agent hype
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Alevaul
Status: Malicious
First seen: 2025-02-16 10:42:16 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 7b1a8b3b6ed3b2b39a2501d0ccbfbcecca3b1ee3b61e16c0300ca0b56c48e88f

(this sample)

Delivery method: Distributed via web download
