MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87f1b2a474951034764ba19f3b393bd82e9741767bdd573a92a17b542b3488c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87f1b2a474951034764ba19f3b393bd82e9741767bdd573a92a17b542b3488c8
SHA3-384 hash: 47c401d3d779e855e9ab33b0c23ea9bca8d3080cce54fd6aa59082b85856f8067eb470d46cb531c0ffd87cd1d7bb9ae1
SHA1 hash: 9480b4d7711c309dc7b5540b9b6c4bab4357a207
MD5 hash: 092dc709876c5682e5a2f3e03bbbc818
humanhash: orange-twelve-finch-fifteen
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:897 bytes
First seen:2025-02-06 15:51:50 UTC
Last seen:2025-02-07 06:35:28 UTC
File type: sh
MIME type:text/plain
ssdeep 24:hQH7QLuQnNIqBQuKxIQnQYQJJQ4QV1x6QakQt1Q/xn:hQH7QLuQnBQuSIQnQYQJJQ4QN6QakQjs
TLSH T1D611CACD9094E084002DCED6325E9E094355ABE8B4BD9B39EDE40833409A602B068FAF
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://36.50.135.137/bot.arm2158bd12bf7b7edd41b04e2b7571e9fabd62ab35c3168296973b1c1e74cd6e81 Miraielf mirai moobot
http://36.50.135.137/bot.arm53fa6d7197bbec5bb1d96f97f1737645b22cb844c11a3aed930cd2b2b3d659be3 Mirai32-bit elf mirai
http://36.50.135.137/bot.arm61f33e44067287ff5c4104f8bbe22b77ad05d935458a6f5c71462bdff49d0ece1 Miraielf mirai moobot
http://36.50.135.137/bot.arm7a22926e5a56297c9f3f2081362b07caf284b599ac41febb56242fc6d3ef12797 Miraielf mirai moobot
http://36.50.135.137/bot.m68k641b2dc15b24ce75704e00821fd1558f4e6eef1993cdb5d809ead88bcab07ae1 Miraielf mirai moobot
http://36.50.135.137/bot.mipsa7b7a683e1b1607f9565ef324595a683e74d7a6ccb6818797dc4950e799df3b4 Miraielf mirai moobot
http://36.50.135.137/bot.mpsle6098ccc165ae47685de413442c912af1e929360f14f95b4a34f07b0f39cc187 Miraielf mirai moobot
http://36.50.135.137/bot.ppcd8a26bc1b096eb6147dbef58c33722f8f6d71ca64b7249998cb38978f7aabe76 Miraielf mirai moobot
http://36.50.135.137/bot.sh4d20191393a69e18e27b6aec10bbe5357232b7f1175beae18ffd743f511cb0ca1 Miraielf mirai moobot
http://36.50.135.137/bot.spcd20191393a69e18e27b6aec10bbe5357232b7f1175beae18ffd743f511cb0ca1 Miraielf mirai moobot
http://36.50.135.137/bot.x860308459dfb913a3648bc2221a6cb559e6959335f59b40ee5fe67112f59020edc Miraielf mirai moobot
http://36.50.135.137/bot.x86_644721d351f7d60b6f73dd6e749d5d089aa6f55afa52fa84051e10a719229d6434 Miraielf mirai moobot

Intelligence

File Origin
# of uploads :
2
# of downloads :
79
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30762.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.30755.LX.BOT.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67a4dbda51193558eb19a446linux22vpnfull_triage
Tags:
mirai ddos
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
bash lolbin remote
Link:
https://www.filescan.io/uploads/67a4dab791c431eb5eb6fcd4/reports/8aa2d658-5768-49c5-82d0-0455781240cf/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/87f1b2a474951034764ba19f3b393bd82e9741767bdd573a92a17b542b3488c8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/87f1b2a474951034764ba19f3b393bd82e9741767bdd573a92a17b542b3488c8/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-02-06 15:52:19 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q7y3fjdusuidi5slugptwoj33axjoqlwppovoousuf5vikzurdea._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250206-ta64ss1nan/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Mirai
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/87f1b2a474951034764ba19f3b393bd82e9741767bdd573a92a17b542b3488c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 87f1b2a474951034764ba19f3b393bd82e9741767bdd573a92a17b542b3488c8

(this sample)

Mirai

elf 2158bd12bf7b7edd41b04e2b7571e9fabd62ab35c3168296973b1c1e74cd6e81

  
Dropping
MD5 479e94597509942f50dc732b03444166
  
Dropping
SHA256 2158bd12bf7b7edd41b04e2b7571e9fabd62ab35c3168296973b1c1e74cd6e81
  
URLhaus
https://urlhaus.abuse.ch/url/3430023/
  
Delivery method
Distributed via web download

Comments