MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87e4daaaac8cb8818cc7c0e43e544e66c117383d2f6990ecc4ef2cf596bc630b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 87e4daaaac8cb8818cc7c0e43e544e66c117383d2f6990ecc4ef2cf596bc630b
SHA3-384 hash: 6b7ab0042d5e06768a41d4073641c1e55ee045ff39f381b020368e26413563fdc217992889e3cbeeab692b2e421a5eaa
SHA1 hash: 34a663d376c3456afd01853c891344aea627bf83
MD5 hash: 64b153fe985f235179761a8cda004223
humanhash: artist-crazy-utah-pizza
File name: wert
Signature: Mirai
File size: 789 bytes
First seen: 2025-02-11 18:26:28 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:OAXnfTCcn8Jvu9rXMyCrX3AW5BrXSZrX/y5lrnTQKBUNLQp:vvTCJJvkcFnt5liNPCl4KBk8p
TLSH: T1BB01ADCD4A20A781042C7CE7B1F282252646CBDCB1BFCBEAEE46063C41C66507570BD6
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Result
Verdict: UNKNOWN

Threat name: Document-HTML.Trojan.Multiverze
Status: Malicious
First seen: 2025-02-11 18:22:50 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 87e4daaaac8cb8818cc7c0e43e544e66c117383d2f6990ecc4ef2cf596bc630b

(this sample)
