MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8942c48114ce6ac2fb26d74dd45af60fe5d0628166ff26ab13593448c2eff6ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	8942c48114ce6ac2fb26d74dd45af60fe5d0628166ff26ab13593448c2eff6ae
SHA3-384 hash:	ba4487f37ddd2979e3674ea073a88d34f5b606214fb11dc4515e514cf6d2add65058d2006de3c8e7ad16edbd5f50972b
SHA1 hash:	f93d970d983d1f3601bf8f10c56cb56191e484d4
MD5 hash:	11568b290d63145e67b642ed75c71962
humanhash:	yankee-december-seven-fifteen
File name:	pdvr
Download:	download sample
Signature	Mirai Create hunting rule
File size:	759 bytes
First seen:	2025-03-07 02:31:47 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:+fWtYRfWjOT3H8BpfWUOE3HPzfWO6PYd7fWYNdNGlfW2Om3dT7fWe3dafWgr6Y0J:qWOWj238B5WUx37Wa7WGNGtW23NT7WeB
TLSH	T1DF01C8C90991784EC4ADAD2BB3A1C45E51848B49B47F2B4DFCC62D39E9C4940B434FCB
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.134.5/jklx86	fb1458decd00d0895af791f8fe6a8cbb5cc2a89e99e8c1aa7e4d5bda4cb87d0b	Mirai	elf mirai
http://176.65.134.5/jklmips	ef931d8ba4966260112b7ed31a1e0b5cd4423becc0397e8eeaee345de903a1ab	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklmpsl	9cf41e60807702cd85a42ffcabb10f2798193200a381b47f3adbebe65f8360aa	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm	c4fd68b20997f3c8a60dbadf177b3309d465f0a8bb0ad9b33b4c70ee74dc3a90	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm5	7568e9e64ac1105cdcae20095154214ee943b2edc6c01e6d4b4eb0b7e06255a3	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm6	41342a887d2be09cf0165913b43a5916492e677d20429068d4829a090453ccbb	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm7	fe4e8d464b7849a5483782d0c47e53deaf199e284badad12ed98ca79e47a79d9	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklppc	5573fc70c149f6676e1bae8e8a07d916b1690aeb06320689e17a54651c2c7133	Mirai	elf mirai
http://176.65.134.5/jklm68k	2866188e4567599fab76b51f822d9a402bc85af7f74dd1927f6ea1af1632a3f2	Mirai	elf mirai
http://176.65.134.5/jklsh4	b31d22cb1050faa0328fe4f05f03f450bbaccdc4a983d85f058cee4296890280	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

121

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67ca8977c8d04e92a4bf9687linux22vpnfull_triage

Tags:

phishing mirai

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67ca5ab53c5f644bd9474240/reports/504347e3-2f15-416d-8811-2f6204430fb2/overview

Verdict:

Malicious

Labled as:

HTML/ExpKit.Gen2

Link:

https://www.hybrid-analysis.com/sample/8942c48114ce6ac2fb26d74dd45af60fe5d0628166ff26ab13593448c2eff6ae

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/8942c48114ce6ac2fb26d74dd45af60fe5d0628166ff26ab13593448c2eff6ae

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8942c48114ce6ac2fb26d74dd45af60fe5d0628166ff26ab13593448c2eff6ae/

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-03-07 05:48:24 UTC

File Type:

Text (Shell)

AV detection:

11 of 24 (45.83%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rfbmjaiuzzvmf6zg25g5iwxwb7s5ayubm37snkytle2erqxp62xa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250307-ghlrlswkw8/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8942c48114ce6ac2fb26d74dd45af60fe5d0628166ff26ab13593448c2eff6ae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8942c48114ce6ac2fb26d74dd45af60fe5d0628166ff26ab13593448c2eff6ae

(this sample)

Mirai

elf 6fc1f441c08b49ceb3083fa2a201d424c5282ec7a5cd2431bd017490ba2b23de

URLhaus

https://urlhaus.abuse.ch/url/3458441/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3458342/

Dropping

MD5 da5f082847104367fefde63653084863

Dropping

SHA256 6fc1f441c08b49ceb3083fa2a201d424c5282ec7a5cd2431bd017490ba2b23de

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample