MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275
SHA3-384 hash:	6637e111746ff00cb4b7830fa0f1b3f477353525aac9c9827b16ffbbc62d4c74dbdb265cf765026f42c2a22d53f1b40c
SHA1 hash:	052856910ce2a053a94f6fd3fe22a1decf88f138
MD5 hash:	229944c75b6d20cc68f4126075f9f126
humanhash:	leopard-south-november-coffee
File name:	x
Download:	download sample
Signature	Mirai Create hunting rule
File size:	168 bytes
First seen:	2025-03-15 00:18:42 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	3:LMFUkLwnzFbFjBDKzSHX7F0QlvwVMFUkLwYhFjBDKzSHX7F0QlO:LMFd8pbRB9LF9lviMFd8YhRB9LF9lO
TLSH	T1BEC012EA3822050A8D02D9882432C9A1B001C2EC20808B0A2AAA2A3AC0B4618BD21B88
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://87.120.253.44/re.bot.mips	ac61fe040ab4b5679119b4bb6292fe940170c4511f1da3e780292bbac1a044f6	Mirai	ddos elf mirai
http://87.120.253.44/re.bot.mpsl	c08cddb3d6804838132d55afddce2bfdb6d0870977dad7eb99bdd3f73f75ba4e	Mirai	ddos elf mirai

Intelligence

File Origin

# of uploads :

1

# of downloads :

132

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67d54b093962f1a6f4718cddlinux22vpnfull_triage

Tags:

downloader agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67d4c7c85663b080596e2471/reports/adfee6a8-a9e0-47c8-9205-bd3e83e42737/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275

Result

Verdict:

UNKNOWN

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275/

Threat name:

Text.Browser.Generic

Status:

Suspicious

First seen:

2025-03-15 08:36:12 UTC

File Type:

Text (Python)

AV detection:

2 of 24 (8.33%)

Threat level:

4/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uemgsswz25nlmbtuvaunch6dgaey6xyz47atottk5s4ctxk2yj2q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh a118694ad9d75ab60674a828d11fc330098f5f19e7c1374e6aecb829dd5ac275

(this sample)

elf 7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

URLhaus

https://urlhaus.abuse.ch/url/3477734/

Delivery method

Distributed via web download

Dropping

MD5 60492f54823aa2e56fdf484f5cb3df42

Dropping

SHA256 7c4da6ca887c3bb2a03c11a90e21057c1f2ef48f6f9e760ffe7c5401592bf201

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample