MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 935c465810d3f59ec227ae2de6cf62b05358cabd8a8eced23f0f6c6104b67f3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	935c465810d3f59ec227ae2de6cf62b05358cabd8a8eced23f0f6c6104b67f3c
SHA3-384 hash:	acb437190f5b13622b0828ed08a275ed69b6aab88e45db157fa48fb02cdff1e4601796fbea0ac1abb6335819e7348bef
SHA1 hash:	40e8827e387bab2de60d98321d6b54764231c71a
MD5 hash:	1773828f0711adbaa223ba13e5bf5989
humanhash:	lima-nitrogen-indigo-social
File name:	irn
Download:	download sample
Signature	Mirai Create hunting rule
File size:	654 bytes
First seen:	2025-03-07 01:56:44 UTC
Last seen:	2025-03-07 12:53:29 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:afWjSHTvxZ82nVfWUNgQSjz1YnVfWPM6p2nVfWc5MaDFnVfW2NNI1MTUtZT1YnV9:eWjmTvr8EWUN3Sjz1CW0qEWcKaD/W2Nx
TLSH	T18AF0E8991852350EC86DFE3A72F1989EB260CB8A155F1F6EFCC6183DD994D40B434AD8
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.134.5/jklmips	ef931d8ba4966260112b7ed31a1e0b5cd4423becc0397e8eeaee345de903a1ab	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklmpsl	9cf41e60807702cd85a42ffcabb10f2798193200a381b47f3adbebe65f8360aa	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm	c4fd68b20997f3c8a60dbadf177b3309d465f0a8bb0ad9b33b4c70ee74dc3a90	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm5	7568e9e64ac1105cdcae20095154214ee943b2edc6c01e6d4b4eb0b7e06255a3	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm6	41342a887d2be09cf0165913b43a5916492e677d20429068d4829a090453ccbb	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget
http://176.65.134.5/jklarm7	fe4e8d464b7849a5483782d0c47e53deaf199e284badad12ed98ca79e47a79d9	Mirai	403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

128

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

Score:

94.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67ca8711c8d04e92a4bf95eflinux22vpnfull_triage

Tags:

mirai agent virus hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

bash evasive lolbin

Link:

https://www.filescan.io/uploads/67ca52763c5f644bd9473884/reports/e8ab175b-3e1b-48ce-930c-2657003df5ec/overview

Verdict:

Malicious

Labled as:

Linux/Downloader.p

Link:

https://www.hybrid-analysis.com/sample/935c465810d3f59ec227ae2de6cf62b05358cabd8a8eced23f0f6c6104b67f3c

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/935c465810d3f59ec227ae2de6cf62b05358cabd8a8eced23f0f6c6104b67f3c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/935c465810d3f59ec227ae2de6cf62b05358cabd8a8eced23f0f6c6104b67f3c/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-03-07 05:37:23 UTC

File Type:

Text (Shell)

AV detection:

12 of 24 (50.00%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=snoemwaq2p2z5qrhvyw6nt3cwbjvrsv5rkhm5ur7b5wgcbfwp46a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250307-gbbm3awjy9/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/935c465810d3f59ec227ae2de6cf62b05358cabd8a8eced23f0f6c6104b67f3c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 935c465810d3f59ec227ae2de6cf62b05358cabd8a8eced23f0f6c6104b67f3c

(this sample)

Mirai

elf 6fc1f441c08b49ceb3083fa2a201d424c5282ec7a5cd2431bd017490ba2b23de

URLhaus

https://urlhaus.abuse.ch/url/3458197/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3458217/

Dropping

MD5 da5f082847104367fefde63653084863

Dropping

SHA256 6fc1f441c08b49ceb3083fa2a201d424c5282ec7a5cd2431bd017490ba2b23de

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample