MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b8401ddf9800a57e216471d1a40827bce81d36e18a9a1f30ab57e994c6d6fbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	8b8401ddf9800a57e216471d1a40827bce81d36e18a9a1f30ab57e994c6d6fbe
SHA3-384 hash:	c617dfc6abb72f1590a476d836a53a781d44997b767089a80eebfd9c0000f50c823ef96b693a7eece231ebb16ee0b07d
SHA1 hash:	82f97b4dabf92f27b55735be77c37ab837d0869a
MD5 hash:	1ff91bc8656781216cb3f2a03cc9901d
humanhash:	winter-august-bakerloo-oscar
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'064 bytes
First seen:	2025-03-26 09:02:39 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:qgjiNNI62MKcl5xN+gSQCMLSXpCScrIC7v:qgjib2MFxN+gSoLSXpCScrI0
TLSH	T19511D3FF63D0661388BECFE834A58501921481A7E86F2B39E9DCC8AAC4C9F547414B59
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.142.252/bins/morte.arm	28160bf93c530f29debe7ee5823d054fce00c656488484243b3df562522bba4b	Mirai	elf gafgyt mirai
http://176.65.142.252/bins/morte.arm5n	n/a	n/a	n/a
http://176.65.142.252/bins/morte.arm6	4a6433f5f79cd0461c1066d3cf3771dff1e0904437bcb1166e31233112e090ed	Mirai	elf mirai
http://176.65.142.252/bins/morte.arm7	b9562204af537f20775950f97dedfa9f0673b2e96346487b32546321c8c2e6d6	Mirai	elf mirai
http://176.65.142.252/bins/morte.m68k	4c4e314d65e8f7580165b9d30ff9579d7ceb4d64b21ebfc6bc3e538c5626e539	Mirai	elf mirai
http://176.65.142.252/bins/morte.mips	bb1d5fae47f2d0bfc3a90ef929e184a044cf7e79ea9b425235ff5938339cde74	Mirai	elf mirai
http://176.65.142.252/bins/morte.mpsl	824e1994e8c1b10c8b7aed4633c33de2f00232e3c05f41d821308773ebd46d60	Mirai	elf mirai
http://176.65.142.252/bins/morte.ppc	d293d55e8bcca07c8f98dbb61d2160c92895d30789844da6562f3f9edd2d75c6	Mirai	elf mirai
http://176.65.142.252/bins/morte.sh4	37862b510e51a5a578053f62afa314c72f96f8f55001b08642ac38664a0cba11	Mirai	elf mirai
http://176.65.142.252/bins/morte.spc	1a8c567f59499d1616c773a41ec5515f52e59011c2794b5005759a515ae25684	Mirai	elf mirai
http://176.65.142.252/bins/morte.x86	f325107c2f28835ae71d9582579fe8ebac836c45cdac8b74c0fbfaa18b8009d6	Mirai	elf mirai
http://176.65.142.252/bins/morte.x64	8d7d23f84bea58d2217449e21321e6a29adea456b4879c206a213a51bfae5d3b	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e3c2dbcb6d38a89f3e4bf1linux22vpnfull_triage

Tags:

downloader trojan agent

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/67e3c2d7631830704a878a77/reports/bd34c31b-e885-4f94-ad1e-10ada7fb0e19/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/8b8401ddf9800a57e216471d1a40827bce81d36e18a9a1f30ab57e994c6d6fbe

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8b8401ddf9800a57e216471d1a40827bce81d36e18a9a1f30ab57e994c6d6fbe/

Threat name:

Document-HTML.Trojan.Vigorf

Status:

Malicious

First seen:

2025-03-26 06:18:53 UTC

File Type:

Text (Shell)

AV detection:

16 of 36 (44.44%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rocadxpzqaffpyqwi4oruqecpphidu3odcu2d4ykwv7jstdnn67a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250326-kz6d5azyez/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8b8401ddf9800a57e216471d1a40827bce81d36e18a9a1f30ab57e994c6d6fbe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8b8401ddf9800a57e216471d1a40827bce81d36e18a9a1f30ab57e994c6d6fbe

(this sample)

Mirai

elf ab00be865d90d23f5b838d88f173b16e22c48fe651e31fb24d5a0b1db1398c1c

URLhaus

https://urlhaus.abuse.ch/url/3491011/

Delivery method

Distributed via web download

Dropping

MD5 6ef0bf40e05c85957113b9b87ddfcc42

Dropping

SHA256 ab00be865d90d23f5b838d88f173b16e22c48fe651e31fb24d5a0b1db1398c1c

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample