MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d3a3fff55ebc2c5fd1cfd41d3b824779788c1604804160197da086e28e526de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	8d3a3fff55ebc2c5fd1cfd41d3b824779788c1604804160197da086e28e526de
SHA3-384 hash:	6cd973242afb9aece8753427fdf7c95eab60fa3432660a49b50a8d2a3b5322ab23688b228b848af176ac661ffb711663
SHA1 hash:	5527884ce5e595c50875a913872f25466f488b60
MD5 hash:	e5af93ea3215bc131408799f2f499857
humanhash:	solar-ink-uncle-california
File name:	t
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'470 bytes
First seen:	2024-12-25 06:56:05 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	48:4k5CEA0hZ2k1ck1/I7k1kk1gk1Uk10k10k1mk1A0gk10k1/Jak16k1bj:tCEA0FN5lpVd1rvdtvZ
TLSH	T19B51C6CF05D988A1988889DD77D34AE474CED5C925CDCE8FE4AF1532AC8CA2EF014E59
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://154.216.17.112/tt/mips	d43fbf7577e3c3cddd61bf545d63fa164f9337fc239b4c6f3c11010158febb4d	Mirai	elf mirai
http://154.216.17.112/tt/mipsel	97a24b4b731f4e99adc64b52b2c8f282c0d81837d24f151417d10119fd5f5de0	Mirai	elf mirai
http://154.216.17.112/tt/armv4l	16665f3472a973adddc341e684d708066d35d89d6454f92235111ff4d205096e	Gafgyt	elf gafgyt mirai
http://154.216.17.112/tt/armv5l	f163e77db013b6c781026dfd9e155b6676b048091c457dde5bf88da709750d26	Gafgyt	elf gafgyt mirai
http://154.216.17.112/tt/armv6l	fb4215132aee270148aabc85c0d6272b828cb5cf035c6b8823638c03a99c3e16	Gafgyt	elf gafgyt mirai
http://154.216.17.112/tt/armv7l	2ea8ef781900b5a3048e1f7f9d15893c5f366a9b1724de29cc5702d40c1a176a	Gafgyt	elf gafgyt mirai
http://154.216.17.112/tt/sh4	2c0a317af8c8ad9255f20d6d7bda5effd8012886dd64f62484e33ca25995de8f	Gafgyt	elf gafgyt
http://154.216.17.112/tt/sparc	c7d4204efff17cf1a07c62af9aa1d24ab87cf006437bde9128bc909cd1fbb81e	Mirai	elf mirai
http://154.216.17.112/tt/riscv32	b6e0036281a36ce295405c8edf3e65e24b11adcd4a7a5d77b43f9c14a624162d	Mirai	elf mirai
http://154.216.17.112/tt/powerpc	ac2921f97af63ea1e2ef94d53ec118b9b8f82964c9eac536f96eabe90a18f64f	Mirai	elf mirai
http://154.216.17.112/tt/armv4eb	d4264092f6981bbcfaa1455bb1da08cb85860bbccc4c8601e30d80ec7f6c1e06	Gafgyt	elf gafgyt mirai
http://154.216.17.112/tt/arc	90b4e907a8ed7c4ca292aa54504d5277ac5c079b009966290a0a0d754030e0c9	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=676bbcf18a4d48ee35ff2f6clinux22vpnfull_triage

Tags:

agent hype sage

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug busybox evasive

Link:

https://www.filescan.io/uploads/676bacccd986a2005f8c24c7/reports/cd7450c6-b8cd-4699-be07-6d99f6a720f9/overview

Verdict:

Malicious

Labled as:

Bash.MiraiA.Generic

Link:

https://www.hybrid-analysis.com/sample/8d3a3fff55ebc2c5fd1cfd41d3b824779788c1604804160197da086e28e526de

Result

Verdict:

MALICIOUS

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/8d3a3fff55ebc2c5fd1cfd41d3b824779788c1604804160197da086e28e526de

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8d3a3fff55ebc2c5fd1cfd41d3b824779788c1604804160197da086e28e526de/

Threat name:

Script-Shell.Trojan.Multiverze

Status:

Malicious

First seen:

2024-12-25 07:04:28 UTC

File Type:

Text (Shell)

AV detection:

8 of 23 (34.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ru5d772v5pbml7i47va5hobeo6lyrqlajacbmamx3ieg4khfe3pa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241225-jzd47s1mbw/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/8d3a3fff55ebc2c5fd1cfd41d3b824779788c1604804160197da086e28e526de

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8d3a3fff55ebc2c5fd1cfd41d3b824779788c1604804160197da086e28e526de

(this sample)

Mirai

elf d43fbf7577e3c3cddd61bf545d63fa164f9337fc239b4c6f3c11010158febb4d

URLhaus

https://urlhaus.abuse.ch/url/3375822/

Delivery method

Distributed via web download

Dropping

MD5 6eae27ecf1e2d9153b6f1552ab3fc8a3

Dropping

SHA256 d43fbf7577e3c3cddd61bf545d63fa164f9337fc239b4c6f3c11010158febb4d

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample