MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d44ee53dacf0644f6f4ab52d89cc1450c41201e609be3a32a90db1b93f8ebcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d44ee53dacf0644f6f4ab52d89cc1450c41201e609be3a32a90db1b93f8ebcb
SHA3-384 hash: bea39aa3877b750d00d34d841f2b853fae7fe4e4433577f1239b920b4898b0eb2cf500a8db1b2493f9abf2a64ab3fa59
SHA1 hash: c283ed040f70c8d89cdac719734aca7fb38648cf
MD5 hash: 9b16a98c8d9ab714a1f65843f2d74cd6
humanhash: diet-eight-six-delaware
File name:l
Download: download sample
Signature Mirai
Create hunting rule
File size:921 bytes
First seen:2025-02-02 09:01:53 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:ghYbxeMzgeO2Xe0qfjewresiTe4NI7Ee4KKeet+JKerh:aysxOAfj7piTeEnbQJKo
TLSH T15B1194DF9C541A220A58DECEF762DC99B093E58A3147CFE4ADDD287D8D9C914B014708
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://193.17.183.233/mipsd0ae0c3d3e7a9c23311fecdc381938d9342b735cd92b757f95545b50be4e5176 Mirai32-bit elf mirai
http://193.17.183.233/mpsl631b5f9a168f6681ab7d7392e03c207a1f5fd61f8ecc26b888783c273c2dc3e5 Miraielf mirai
http://193.17.183.233/x86ce5797cd8b13c2f33236d3a9a3bc06cd8812b418b8b52d8bc48de1d851c5bd4b Miraielf mirai
http://193.17.183.233/armd61588f19991b7c9b60acd508ff38bbbfa4224a818db357afbd67d6109dcd4ac Miraielf mirai
http://193.17.183.233/arm5bdda53da099bc4a8ceaa1ef191dba0bbe027dc5882b81b28ce9a8372f33863bc Miraielf mirai
http://193.17.183.233/arm67789cc1cbd2719df2061b3189a2daef7dc87c0beeb40d54b6857a8e24d991c28 Miraielf mirai
http://193.17.183.233/arm73f31d0b03c56cf6524a7915cb9aa46cd0144cc045b493d7f14a074a1b29a7353 Miraielf mirai
http://193.17.183.233/sh480a3b78713620dd089b97069a8e4bbf0df474591c70b890ef18575b51850e511 Gafgytelf gafgyt
http://193.17.183.233/ppc2d500e9554e607298261161db2886c30b28f558101fecfbfe72e9b34107eeade Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=679f354a416a81ccc3c4f9d6linux22vpnfull_triage
Tags:
trojan agent hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive lolbin remote
Link:
https://www.filescan.io/uploads/679f34a1630a0c89dddfd47e/reports/2b425e48-b2ca-4175-a5fe-858d71e74273/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/9d44ee53dacf0644f6f4ab52d89cc1450c41201e609be3a32a90db1b93f8ebcb
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9d44ee53dacf0644f6f4ab52d89cc1450c41201e609be3a32a90db1b93f8ebcb/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-02-02 07:41:58 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tvco4u62z4dej5xuvnjnrhgbiugecia6mcn6hizksdnrxe7y5pfq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250202-k19g6swrdq/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9d44ee53dacf0644f6f4ab52d89cc1450c41201e609be3a32a90db1b93f8ebcb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 9d44ee53dacf0644f6f4ab52d89cc1450c41201e609be3a32a90db1b93f8ebcb

(this sample)

Mirai

elf d0ae0c3d3e7a9c23311fecdc381938d9342b735cd92b757f95545b50be4e5176

  
URLhaus
https://urlhaus.abuse.ch/url/3424167/
  
Delivery method
Distributed via web download
  
Dropping
MD5 d60c08e59050905f462ae9b68e846536
  
Dropping
SHA256 d0ae0c3d3e7a9c23311fecdc381938d9342b735cd92b757f95545b50be4e5176

Comments