MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83ffc3984e084bea54de26ee758e1a7ae1a41173d0e93be1054f4a68d859e688. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	83ffc3984e084bea54de26ee758e1a7ae1a41173d0e93be1054f4a68d859e688
SHA3-384 hash:	f5b719c9bcea175c3d580afb565ec9a10cae348bc0d3d8c013ea206e40460ed81f0111ea60a3c8fe4ef65934c6575201
SHA1 hash:	ad39946b95b677b8c16b22ddea22462632a0c2a6
MD5 hash:	45c2fc5185d0fdff35ceab9ab601350f
humanhash:	saturn-tango-shade-may
File name:	c.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	716 bytes
First seen:	2025-02-24 09:02:36 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:3J3CCiaNIl5wn0LKJ2OY66EMeNSwgtiOzKU:3J3nRNI7bKIGnvatnz
TLSH	T1EA01DA9C38A157B31E0A9E1BA0E788C99005ECC12264AF9DE51D5DB84CDD105BA5C2BE
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://160.191.245.128/arm	e4e9888ee3da1cf1881054380aa3f3e5e870791cef748434a6ee960042b2263e	Mirai	censys elf mirai moobot
http://160.191.245.128/arm5	6fff4613e86ec31a62ac216f4d8165540bf848d12c1c56210943d34d24ba2e98	Mirai	censys elf mirai moobot
http://160.191.245.128/arm6	bfd77e47ec2a24abef601efe5aabc33c1ce7bb09b2a6c49bc1cc74b2ac487f70	Mirai	censys elf mirai moobot
http://160.191.245.128/arm7	877e42a47d8eb971c4e4d1a5e336048ed4fc6bc5d448b6c163a34e080a6fc071	Mirai	censys elf mirai moobot
http://160.191.245.128/m68k	fba19afd35d37cac554b2594a4ccc73a485ec495d6843889a81169ec3b49fee1	Mirai	censys elf mirai moobot
http://160.191.245.128/mips	859bf0ab1e056057e423b613b1bdf557f4c5f55cfd39c770385e3aa978b0b9ca	Mirai	censys elf mirai moobot
http://160.191.245.128/mpsl	fb3887f0459af8f20a6368853887281b00e507859955105b0acbb16caa7937f5	Mirai	censys elf mirai moobot
http://160.191.245.128/ppc	4c69ccc4c590186eb6045441e1a97ecfa3ef83956e8acde302e8fbc29603cee9	Mirai	censys elf mirai moobot
http://160.191.245.128/sh4	172ac7badb194e01c2c7a62ca934363389031a8e0523c36d6567af9be3b15a8b	Mirai	censys elf mirai moobot
http://160.191.245.128/x86	7ffbd075d9180401fb5f1d453af42e45135a8d08e07604c71af4d3f1fcebcf2b	Mirai	censys elf mirai moobot
http://160.191.245.128/x86_64	1ebe6d1924ccb4b64931026e44a0425d00ca12a237ac1c3d93e5b7c0937e13c5	Mirai	censys elf mirai moobot

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67bc35cf28ab76d43a5cd2falinux22vpnfull_triage

Tags:

trojan agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

lolbin remote

Link:

https://www.filescan.io/uploads/67bc35d46222db7f23d9c390/reports/d3908e4b-e089-4efb-bec7-22d18faebfd4/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/83ffc3984e084bea54de26ee758e1a7ae1a41173d0e93be1054f4a68d859e688

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/83ffc3984e084bea54de26ee758e1a7ae1a41173d0e93be1054f4a68d859e688/

Threat name:

Linux.Trojan.Vigorf

Status:

Malicious

First seen:

2025-02-24 09:03:12 UTC

File Type:

Text (Makefile)

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qp74hgcobbf6uvg6e3xhldq2plq2ielt2dutxyifj5fgrwcz42ea._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250224-kz3y1atmal/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/83ffc3984e084bea54de26ee758e1a7ae1a41173d0e93be1054f4a68d859e688

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 83ffc3984e084bea54de26ee758e1a7ae1a41173d0e93be1054f4a68d859e688

(this sample)

Mirai

elf 1f929a2ee645f3c277e38a6423828e3c8890f99aef05c8ae3623653ec5c77957

URLhaus

https://urlhaus.abuse.ch/url/3433728/

Delivery method

Distributed via web download

Dropping

MD5 206caf1e3453151985f8f2238c4fac4c

Dropping

SHA256 1f929a2ee645f3c277e38a6423828e3c8890f99aef05c8ae3623653ec5c77957

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample