MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b1c618516250b85bfe77866fd4ecf3d4499cc453213afa85458eef0a4d56e31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 7b1c618516250b85bfe77866fd4ecf3d4499cc453213afa85458eef0a4d56e31
SHA3-384 hash: 6b8ec944c625a7e24e424412ae02045fc1213a6fbad7429216fc2a9d86e28164908aa4e763f349456b45657ff5012136
SHA1 hash: 70ef5359d729ea2835b5b02d534394b2623c94f9
MD5 hash: 6661f6e5aa1596671869e9ac41d3c134
humanhash: emma-april-king-eighteen
File name: xbot.sh
Signature: Mirai
File size: 5'138 bytes
First seen: 2025-04-11 14:33:33 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:v4vMk4E0M4ugI4U804mUM42k2pCF41Xqbe4G4Q4n664Ysk4kU84zes04t++4QMX:wvMtE0lugRU89mUl2k2pCC16vG4Jn6fA
TLSH: T158B18FC7138604342CE2F97774A8D770FAD8AC6958C1EF9BA5FA79AC808EE0411435E7
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: shellcode agent shell

Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-04-11 14:34:17 UTC
File Type: Text (Shell)
AV detection: 22 of 38 (57.89%)
Threat level: 3/5

Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion discovery linux
Behaviour:
Process Discovery
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
Reads CPU attributes
Reads system network configuration
Reads process memory
Security Software Discovery
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
