MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cc488bb61ff990bb9661b7482294e0de2e6782b6c6d4ada2d81b1cd6790481a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 7cc488bb61ff990bb9661b7482294e0de2e6782b6c6d4ada2d81b1cd6790481a
SHA3-384 hash: 7a32efed6a5319c96eff1fbac5f3f2d67c0708021dfba60897549ea274593aea233fc18cccb5cc14511471f23bac8043
SHA1 hash: 88071d3928d4626cdebe95abb7424ed4c5f9a2bc
MD5 hash: 6c88d7a7135186fc593a465a71ddfbbc
humanhash: may-hamper-single-lake
File name: curl.sh
Signature: Mirai
File size: 1'699 bytes
First seen: 2025-01-18 16:06:06 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:GLF+xtqCAiFsibqvYLLtqCB6P9p0YLQtqCG0auD4YLlItqCi1+XXYLtxtqCim+UR:sF+oiiibq6o29rtRz8C94msUGg
TLSH: T1D931B84572635C663DA3A98BB2778448B6A37D6F54CA8FC070EE3174808DD487292773
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai

Result
Verdict: UNKNOWN

Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-01-13 23:08:00 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery

Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
