MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a780c4676f45ece3e84ee0b257596fdf8c2a9199ecfa6113fac2e909164d316. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8a780c4676f45ece3e84ee0b257596fdf8c2a9199ecfa6113fac2e909164d316
SHA3-384 hash:	f17270c9477afe374c36f41173fe2085f518fae2b6a477aabcf22f628b28620d024a6aed0314241a7283b707765e7ac4
SHA1 hash:	dbd1a27aa4d9efe503c3be3bfa967ebeb51b1b20
MD5 hash:	4281a79bd42bfa5380bd5f07409ef3f0
humanhash:	oxygen-indigo-juliet-butter
File name:	dvr.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	639 bytes
First seen:	2025-07-08 17:25:52 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:+XOp3dKU2hCUKAMk8QdqxoXPD3pJvVPDN+/I/PN7IPDEeQ:ohBh9Mk8QoWLptV5+/I/V7ITQ
TLSH	T117F07D5DD681DBC09866691CB1C7C219F46BC3EC27D24E58BC1F6A75B84C59CB0325BC
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://154.205.133.58/skid.arm	4c72b3a3e372704eb64e1f0e9ebd021902928fa8c6df47e15a347fa682d48916	Mirai	elf mirai ua-wget
http://154.205.133.58/skid.arm5	495ce809e735ffcdf61aee835d0dc9201ef56aa045252cfa3e7029aac8a0b891	Mirai	elf mirai ua-wget
http://154.205.133.58/skid.arm7	cac1f84aafd6f3b5d144e2bdad81f759d12515d73fac77cb8ac09678f2c28f52	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

26

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=686d54cec9eb97473767a562linux22vpnfull_triage

Tags:

downloader mirai agent hype

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/8c315198-0cef-4858-851c-0d585898231e

Behavior Graph:

Score:

88%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/8a780c4676f45ece3e84ee0b257596fdf8c2a9199ecfa6113fac2e909164d316

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8a780c4676f45ece3e84ee0b257596fdf8c2a9199ecfa6113fac2e909164d316/

Threat name:

Script.Trojan.Multiverze

Status:

Malicious

First seen:

2025-07-08 17:26:28 UTC

File Type:

Text (Shell)

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rj4ayrtw6rpm4pue5yfsk5mw7x4mfkizt3h2mej7vqxjbele2mla._file

Result

Malware family:

n/a

Score:

7/10

Tags:

credential_access defense_evasion discovery linux

Link:

https://tria.ge/reports/250708-vz15hsvya1/

Behaviour

Reads runtime system information

Writes file to tmp directory

Changes its process name

Reads process memory

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Renames itself

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/8a780c4676f45ece3e84ee0b257596fdf8c2a9199ecfa6113fac2e909164d316

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8a780c4676f45ece3e84ee0b257596fdf8c2a9199ecfa6113fac2e909164d316

(this sample)

elf b92ca4e7bb3fb794d9e56d85eff80e609230f7a71f3607b76d6789fff1cfd4ca

URLhaus

https://urlhaus.abuse.ch/url/3574806/

Delivery method

Distributed via web download

Dropping

MD5 deb5854f0e44c1dc51069960a71993aa

Dropping

SHA256 b92ca4e7bb3fb794d9e56d85eff80e609230f7a71f3607b76d6789fff1cfd4ca

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample