MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c485e0a785c06f12dc7bae2f2f77f30e040300125b4fc7a0c69da4c12a9f7d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 7c485e0a785c06f12dc7bae2f2f77f30e040300125b4fc7a0c69da4c12a9f7d5
SHA3-384 hash: 170fe7df8e7dfde5d28ef20ba2ed1629c33ccca171a3eda6e70869316687bf006d8e8c539be5f93bb3912106028a9b09
SHA1 hash: 82f860f26cbe98657533fbc39255a88375467cd7
MD5 hash: dd2027546e4a723f07ae2de62dbdbf07
humanhash: princess-wisconsin-massachusetts-jig
File name: curl.sh
Signature: Mirai
File size: 627 bytes
First seen: 2025-02-28 21:58:51 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J36xdkvp6B1Fh61aA3LK0GG61aA3LK0GG6U8tXgS6EJyoYO61p:3J36GcXGdK0G1dK0G1UGXghE/qX
TLSH: T149F08496382A6FB315E89D9AB293534DD09F60DC387FCB0CEB33050C8526525B104A51
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Result
Verdict: UNKNOWN
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-02-28 21:59:10 UTC
File Type: Text
AV detection: 4 of 38 (10.53%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
