MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7dc9af7a6971e205be5156927730d3bafd9e817ee8a39128550be5513aa85d9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7dc9af7a6971e205be5156927730d3bafd9e817ee8a39128550be5513aa85d9e
SHA3-384 hash: 66c05d95634f32ef7e2abe629d3a541a8d462e03f6e773dc4d3c5ade24ed75bdc3f31b0b9053642768aa82760a44ab3d
SHA1 hash: e3cea4dbb4aafe7271849f494239512468f7495c
MD5 hash: fc58d48c1d2adaef82a6f905cc454881
humanhash: north-angel-jupiter-robin
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:4'632 bytes
First seen:2025-03-12 06:17:03 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 96:1bZEMpmqcenDNCrF40d+WgGruXldNFEAB6TFv:ZIrm0d+dGrEh1YTFv
TLSH T13EA145AC3A501FB68E16DF2AE231C59A705294BB06B10F1464DD70F8FBBED84F210967
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://42.112.26.36/nimips5b339544ba55c78bff25dbd5e737cd854d6c61d5ed3b1866d6d5fe110a8a9d7e Miraimirai
http://42.112.26.36/mpsl994cd87c6f0f7edd7efcc88aa5d5ee7b21f2c273cbe8c887363e28f7727a1166 Gafgytddos elf gafgyt mirai
http://42.112.26.36/i6865f44e47e6ed228ac92fcedc659d8ec02c542a363651d55942a2b355f06fbcb7d Miraiddos elf gafgyt mirai
http://42.112.26.36/arm153a8a2ddd3d18b9a864a7360b8514ceac65ae64ee4e0f058e9ec361ae91d732 Miraielf mirai
http://42.112.26.36/arm572eb6026c66c96d050f30a3da54cb3c85fad70f9f5b805ea8cf543835ab38dcd Gafgytelf gafgyt mirai
http://42.112.26.36/arm6ebfbcbe0c33d53b3f5b5f5e4ac1ec5a8f858ed2aef69c141437e202e3cac75ae Gafgytelf gafgyt mirai
http://42.112.26.36/arm75c0cefe3a02543464efb9a60941a8c28b9359b8d715dcf0c3a9c9094b27d3764 Miraielf mirai
ftp://2.112.26.36:8021/nimipsn/an/an/a
ftp://2.112.26.36:8021/mpsln/an/an/a
ftp://2.112.26.36:8021/i686n/an/an/a
ftp://2.112.26.36:8021/armn/an/an/a
ftp://2.112.26.36:8021/arm5n/an/an/a
ftp://2.112.26.36:8021/arm7n/an/an/a
ftp://2.112.26.36:8021/arm6n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
95.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67d12f9c4fd7d3fd0e087353linux22vpnfull_triage
Tags:
botnet trojan agent
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/67d126e63c5f644bd94ea1a1/reports/9d62907b-961e-40cf-97cb-98899394418c/overview
Result
Verdict:
MALICIOUS
Score:
29%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/7dc9af7a6971e205be5156927730d3bafd9e817ee8a39128550be5513aa85d9e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7dc9af7a6971e205be5156927730d3bafd9e817ee8a39128550be5513aa85d9e/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2025-03-12 06:17:11 UTC
File Type:
Text (Shell)
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pxe266tjohralpsrk2jhomgtxl6z5al65crzckcvbpsvcovilwpa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250312-g14p5szpy5/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7dc9af7a6971e205be5156927730d3bafd9e817ee8a39128550be5513aa85d9e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 7dc9af7a6971e205be5156927730d3bafd9e817ee8a39128550be5513aa85d9e

(this sample)

Mirai

elf 9035e13661a599cc829264146be0bc962454d0db765f8d682b01d22da5e12611

  
URLhaus
https://urlhaus.abuse.ch/url/3469388/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3469386/
  
URLhaus
https://urlhaus.abuse.ch/url/3469425/
  
URLhaus
https://urlhaus.abuse.ch/url/3469445/
  
URLhaus
https://urlhaus.abuse.ch/url/3469384/
  
URLhaus
https://urlhaus.abuse.ch/url/3469409/
  
URLhaus
https://urlhaus.abuse.ch/url/3473791/
  
URLhaus
https://urlhaus.abuse.ch/url/3469045/
  
URLhaus
https://urlhaus.abuse.ch/url/3469046/
  
URLhaus
https://urlhaus.abuse.ch/url/3469382/
  
URLhaus
https://urlhaus.abuse.ch/url/3469379/
  
URLhaus
https://urlhaus.abuse.ch/url/3473792/
  
URLhaus
https://urlhaus.abuse.ch/url/3469440/
  
URLhaus
https://urlhaus.abuse.ch/url/3469047/
  
URLhaus
https://urlhaus.abuse.ch/url/3469374/
  
URLhaus
https://urlhaus.abuse.ch/url/3469398/
  
URLhaus
https://urlhaus.abuse.ch/url/3469414/
  
URLhaus
https://urlhaus.abuse.ch/url/3469375/
  
URLhaus
https://urlhaus.abuse.ch/url/3469427/
  
URLhaus
https://urlhaus.abuse.ch/url/3469373/
  
URLhaus
https://urlhaus.abuse.ch/url/3469408/
  
URLhaus
https://urlhaus.abuse.ch/url/3469400/
  
URLhaus
https://urlhaus.abuse.ch/url/3469419/
  
URLhaus
https://urlhaus.abuse.ch/url/3469450/
  
URLhaus
https://urlhaus.abuse.ch/url/3469395/
  
URLhaus
https://urlhaus.abuse.ch/url/3469443/
  
URLhaus
https://urlhaus.abuse.ch/url/3469432/
  
URLhaus
https://urlhaus.abuse.ch/url/3469385/
  
URLhaus
https://urlhaus.abuse.ch/url/3469371/
  
URLhaus
https://urlhaus.abuse.ch/url/3469369/
  
URLhaus
https://urlhaus.abuse.ch/url/3469402/
  
URLhaus
https://urlhaus.abuse.ch/url/3473794/
  
URLhaus
https://urlhaus.abuse.ch/url/3469399/
  
URLhaus
https://urlhaus.abuse.ch/url/3469449/
  
URLhaus
https://urlhaus.abuse.ch/url/3469396/
  
URLhaus
https://urlhaus.abuse.ch/url/3469378/
  
URLhaus
https://urlhaus.abuse.ch/url/3473793/
  
URLhaus
https://urlhaus.abuse.ch/url/3469387/
  
URLhaus
https://urlhaus.abuse.ch/url/3469437/
  
URLhaus
https://urlhaus.abuse.ch/url/3469370/
  
URLhaus
https://urlhaus.abuse.ch/url/3469420/
  
URLhaus
https://urlhaus.abuse.ch/url/3469441/
  
URLhaus
https://urlhaus.abuse.ch/url/3469390/
  
URLhaus
https://urlhaus.abuse.ch/url/3469410/
  
URLhaus
https://urlhaus.abuse.ch/url/3469439/
  
Dropping
MD5 b280b9e661d4f637070925b80eb05eea
  
Dropping
SHA256 9035e13661a599cc829264146be0bc962454d0db765f8d682b01d22da5e12611
  
URLhaus
https://urlhaus.abuse.ch/url/3469391/
  
URLhaus
https://urlhaus.abuse.ch/url/3469411/
  
URLhaus
https://urlhaus.abuse.ch/url/3469430/
  
URLhaus
https://urlhaus.abuse.ch/url/3469405/
  
URLhaus
https://urlhaus.abuse.ch/url/3469418/
  
URLhaus
https://urlhaus.abuse.ch/url/3473795/
  
URLhaus
https://urlhaus.abuse.ch/url/3469393/
  
URLhaus
https://urlhaus.abuse.ch/url/3469383/
  
URLhaus
https://urlhaus.abuse.ch/url/3469438/
  
URLhaus
https://urlhaus.abuse.ch/url/3469451/
  
URLhaus
https://urlhaus.abuse.ch/url/3469421/
  
URLhaus
https://urlhaus.abuse.ch/url/3469417/
  
URLhaus
https://urlhaus.abuse.ch/url/3469434/
  
URLhaus
https://urlhaus.abuse.ch/url/3469376/
  
URLhaus
https://urlhaus.abuse.ch/url/3469380/
  
URLhaus
https://urlhaus.abuse.ch/url/3469422/
  
URLhaus
https://urlhaus.abuse.ch/url/3469415/
  
URLhaus
https://urlhaus.abuse.ch/url/3469407/
  
URLhaus
https://urlhaus.abuse.ch/url/3469442/
  
URLhaus
https://urlhaus.abuse.ch/url/3469435/

Comments