MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1cca159447b6b603e48f8c7bd30b0a6175efde35dcf39667a594191f8424f80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	a1cca159447b6b603e48f8c7bd30b0a6175efde35dcf39667a594191f8424f80
SHA3-384 hash:	8524871e315059f4f0cae8eb9124b109e07b6d1af1abfc5537aa1b100c08ff3407a1f81d6d18f01426b7050b4ace7cbf
SHA1 hash:	1ae6ccc4925e19f5efead03c9815a86e4cd14606
MD5 hash:	91d0f4d0cb755e3bc45db4f622e69472
humanhash:	october-spring-nevada-massachusetts
File name:	w.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'272 bytes
First seen:	2025-03-26 09:02:43 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:8ffnNNI6hMKcmfLxN+gdQCbLFto0Lr3ClA:8fvbhMAfLxN+gdXLFto0Lr3P
TLSH	T17D21F2FE53D0622788BECFD834A58514911485E3E81F1B39A9ECC8BAD5C8F28B105B58
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.142.252/bins/morte.arm	28160bf93c530f29debe7ee5823d054fce00c656488484243b3df562522bba4b	Mirai	elf gafgyt mirai
http://176.65.142.252/bins/morte.arm5	5b0ab59e2effcdf5d4b207e26c06750e7842aff21f9acf2194f37e3861616de9	Mirai	elf mirai
http://176.65.142.252/bins/morte.arm6	4a6433f5f79cd0461c1066d3cf3771dff1e0904437bcb1166e31233112e090ed	Mirai	elf mirai
http://176.65.142.252/bins/morte.arm7	b9562204af537f20775950f97dedfa9f0673b2e96346487b32546321c8c2e6d6	Mirai	elf mirai
http://176.65.142.252/bins/morte.i686	n/a	n/a	n/a
http://176.65.142.252/bins/morte.m68k	4c4e314d65e8f7580165b9d30ff9579d7ceb4d64b21ebfc6bc3e538c5626e539	Mirai	elf mirai
http://176.65.142.252/bins/morte.mips	bb1d5fae47f2d0bfc3a90ef929e184a044cf7e79ea9b425235ff5938339cde74	Mirai	elf mirai
http://176.65.142.252/bins/morte.mpsl	824e1994e8c1b10c8b7aed4633c33de2f00232e3c05f41d821308773ebd46d60	Mirai	elf mirai
http://176.65.142.252/bins/morte.ppc	d293d55e8bcca07c8f98dbb61d2160c92895d30789844da6562f3f9edd2d75c6	Mirai	elf mirai
http://176.65.142.252/bins/morte.sh4	37862b510e51a5a578053f62afa314c72f96f8f55001b08642ac38664a0cba11	Mirai	elf mirai
http://176.65.142.252/bins/morte.spc	1a8c567f59499d1616c773a41ec5515f52e59011c2794b5005759a515ae25684	Mirai	elf mirai
http://176.65.142.252/bins/morte.x86	f325107c2f28835ae71d9582579fe8ebac836c45cdac8b74c0fbfaa18b8009d6	Mirai	elf mirai
http://176.65.142.252/bins/morte.x64	8d7d23f84bea58d2217449e21321e6a29adea456b4879c206a213a51bfae5d3b	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e3c2e6cb6d38a89f3e4c03linux22vpnfull_triage

Tags:

downloader trojan hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67e3c2db631830704a878a7f/reports/4a16524b-6c1d-4172-ab8f-1e664b1c4657/overview

Result

Verdict:

MALICIOUS

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/a1cca159447b6b603e48f8c7bd30b0a6175efde35dcf39667a594191f8424f80

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a1cca159447b6b603e48f8c7bd30b0a6175efde35dcf39667a594191f8424f80/

Threat name:

Linux.Trojan.Alevaul

Status:

Malicious

First seen:

2025-03-26 06:18:53 UTC

File Type:

Text (Shell)

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uhgkcwkepnvwapsi7dd32mfquylv57pdlxhtszt2lfazd6ccj6aa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250326-kz6pwszyft/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a1cca159447b6b603e48f8c7bd30b0a6175efde35dcf39667a594191f8424f80

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a1cca159447b6b603e48f8c7bd30b0a6175efde35dcf39667a594191f8424f80

(this sample)

Mirai

elf ab00be865d90d23f5b838d88f173b16e22c48fe651e31fb24d5a0b1db1398c1c

URLhaus

https://urlhaus.abuse.ch/url/3491015/

Delivery method

Distributed via web download

Dropping

MD5 6ef0bf40e05c85957113b9b87ddfcc42

Dropping

SHA256 ab00be865d90d23f5b838d88f173b16e22c48fe651e31fb24d5a0b1db1398c1c

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample