MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85f1ff82f47a479d18af53e5c72ce3ee0d7b8f6b6a1d871de4336403e7adeb10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85f1ff82f47a479d18af53e5c72ce3ee0d7b8f6b6a1d871de4336403e7adeb10
SHA3-384 hash: b3218b1535a37542d0cc76f4ef5f751cf5e5a2723aadad29a955d532357a481e1e36352898fb94163a91ebd61e5bcf61
SHA1 hash: 53d18d042b001bdfde18f62b4127411ea27ce277
MD5 hash: 2e091a127f98db959d13101ab60f2776
humanhash: high-uniform-magazine-alabama
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:518 bytes
First seen:2025-03-12 01:37:00 UTC
Last seen:2025-03-12 14:01:05 UTC
File type: sh
MIME type:text/plain
ssdeep 12:od8VLLF9faKKdFRLLF9faKKdrLLF9faKKdlI3LLF9faKKdc7LLF9faKKd8LLF9fv:oKVLqKKlLqKKxLqKK7qLqKKO7LqKKqLf
TLSH T1BCF012DA3C0165098D12D9C8253BCA11B111C2CC66808B1AF9AB393AD0B8A58BD22BA8
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://87.120.253.44/re.bot.mipsac61fe040ab4b5679119b4bb6292fe940170c4511f1da3e780292bbac1a044f6 Miraiddos elf mirai
http://87.120.253.44/re.bot.mpslc08cddb3d6804838132d55afddce2bfdb6d0870977dad7eb99bdd3f73f75ba4e Miraiddos elf mirai
http://87.120.253.44/re.bot.armn/an/addos elf mirai
http://87.120.253.44/re.bot.arm5n/an/addos elf mirai
http://87.120.253.44/re.bot.arm707ef12e0741251ae867210ed7db52419181baefa7981075d41afcbd7567bd3d2 Miraiddos elf mirai
http://87.120.253.44/re.bot.aarch64n/an/addos elf mirai

Intelligence

File Origin
# of uploads :
2
# of downloads :
121
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
95.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67d0ec16dff6bd92190866bdlinux22vpnfull_triage
Tags:
downloader agent hype
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
expand lolbin remote
Link:
https://www.filescan.io/uploads/67d0e549e95d0f9029e7bff7/reports/ee34a1a7-2d7a-4c34-9b2c-7a3845d38d98/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/85f1ff82f47a479d18af53e5c72ce3ee0d7b8f6b6a1d871de4336403e7adeb10
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/85f1ff82f47a479d18af53e5c72ce3ee0d7b8f6b6a1d871de4336403e7adeb10/
Threat name:
Linux.Trojan.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-03-12 01:37:15 UTC
File Type:
Text (Shell)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qxy77axupjdz2gfpkps4olhd5ygxxd3lnioyohpegnsahz5n5mia._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250312-b1w3easly6/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/85f1ff82f47a479d18af53e5c72ce3ee0d7b8f6b6a1d871de4336403e7adeb10

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 85f1ff82f47a479d18af53e5c72ce3ee0d7b8f6b6a1d871de4336403e7adeb10

(this sample)

Mirai

elf 17ff9a0db36dd48f93b56141b7390842cf7c3f76f15b6d8315eb25a1e569c04a

  
URLhaus
https://urlhaus.abuse.ch/url/3474303/
  
Delivery method
Distributed via web download
  
Dropping
MD5 eab2fdf993df3609270a8ffeb54fa0e4
  
Dropping
SHA256 17ff9a0db36dd48f93b56141b7390842cf7c3f76f15b6d8315eb25a1e569c04a

Comments