MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e6ff187d2f1740e90596f19c2bd843495849a3c38dbdae69658bca46bf92705. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 7e6ff187d2f1740e90596f19c2bd843495849a3c38dbdae69658bca46bf92705
SHA3-384 hash: 92b449fc72528ee894ebec679cea94a8beaea1e9c6214f4c58c9bcf84bf9b33bfdadb60e5d5875cfb8e69edb3243a49b
SHA1 hash: 98af7417d18cf6bf49a61104a4aebbaac59a0f39
MD5 hash: f610810764eec4dd2eed9f4e0e66121b
humanhash: emma-kentucky-item-iowa
File name: sensi.sh
Signature: Mirai
File size: 1'673 bytes
First seen: 2024-12-26 04:06:25 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vtLOUtcZiUtuQhiKWUtj7NRAUtSStUtYQzcbUt0MbUte4Ut/gUt2Lgn:v8UZU4XKWU5XAU/UYU5UHUaUjn
TLSH: T17E31A5D90025C6393D5E6953F9FD0B063580DCD6BADA2E08D9EA3CE648AFE147EC0642
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 107
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: trojandownloader virus agent

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Mirai
Status: Malicious
First seen: 2024-12-26 04:07:09 UTC
File Type: Text (Shell)
AV detection: 16 of 23 (69.57%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx

Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
Reads system network configuration
UPX packed file
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (196691) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
