MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 885f47ea4ac43d3336bdf8a2caa18bcad4ca512513b1afb8b80627739912b565. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	885f47ea4ac43d3336bdf8a2caa18bcad4ca512513b1afb8b80627739912b565
SHA3-384 hash:	1902d39bef1905b57a1f69b0bfb1737ebde5159f974e44d3c008243beb53385bec06f4c2a706413363253a60cec25441
SHA1 hash:	befa26cd82b8fe7a5f2198a1b30c9e86844fd03b
MD5 hash:	276db3fa4ec7ea288466740a2a9c904f
humanhash:	wyoming-xray-three-pluto
File name:	o.xml
Download:	download sample
Signature	Mirai Create hunting rule
File size:	554 bytes
First seen:	2025-03-28 07:57:37 UTC
Last seen:	2025-03-28 18:17:12 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:FE8i9pAC7ykxGWi2jIvKTkkjtx51n5h5n:FE8G/sWi2jIv0kotP15rn
TLSH	T1E1F08BDCB138CB124DDDC68EF2B05604C0C3C0C4F1F067D6D2804820DD0498E326074D
Magika	xml
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.32.162.27/bins/px86	a2d91163eeefbc033b7f4aad57635df36c770a8a2f7864e78d8831739c1d9da6	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e6a9edcfd0a37f83093fb4linux22vpnfull_triage

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

masquerade opendir opendir

Link:

https://www.filescan.io/uploads/67e656ac631830704a89fad6/reports/efe59107-07e7-48b2-9902-5356f7404c98/overview

Verdict:

Suspicious

Labled as:

Linux/TrojanDownloader.SH

Link:

https://www.hybrid-analysis.com/sample/885f47ea4ac43d3336bdf8a2caa18bcad4ca512513b1afb8b80627739912b565

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/885f47ea4ac43d3336bdf8a2caa18bcad4ca512513b1afb8b80627739912b565

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/885f47ea4ac43d3336bdf8a2caa18bcad4ca512513b1afb8b80627739912b565/

Threat name:

Script.Trojan.Heuristic

Status:

Malicious

First seen:

2025-03-27 15:18:03 UTC

File Type:

Text

AV detection:

2 of 24 (8.33%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rbpup2skyq6tgnv57crmvimlzlkmuujfcoy27ofyaytxhgiswvsq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250328-q6hjjawzbx/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/885f47ea4ac43d3336bdf8a2caa18bcad4ca512513b1afb8b80627739912b565

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 885f47ea4ac43d3336bdf8a2caa18bcad4ca512513b1afb8b80627739912b565

(this sample)

Mirai

elf 48149300436783604a0ba8626ceba9d4060efad73592fcee69fc5cc8eedc6028

URLhaus

https://urlhaus.abuse.ch/url/3493635/

Delivery method

Distributed via web download

Dropping

MD5 4995d05bf5468109373f0a5608ec3793

Dropping

SHA256 48149300436783604a0ba8626ceba9d4060efad73592fcee69fc5cc8eedc6028

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample