MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a46ad111abdfe25c7ef77e3aeb5e96c9e98a50bfef2c8122324bd5e58168d51f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	a46ad111abdfe25c7ef77e3aeb5e96c9e98a50bfef2c8122324bd5e58168d51f
SHA3-384 hash:	499455abbd575a92843b1170051b9d790783cce9fed55990abfed977cd4bc4f1645e3b52bbbccf2fac166d9db95d011f
SHA1 hash:	934bf7bd3c75f16e5e9dc831a7aa13549eadcc27
MD5 hash:	8e715514ea0b306d684b8c67157d9a6f
humanhash:	shade-coffee-vermont-jig
File name:	gig.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	220 bytes
First seen:	2025-02-10 03:16:26 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	3:L2UiMwWcqR6WgrzIyGBzSEyLTUWaXw8Ui9WFKV2UiMwWcqR6WgrzI8TBzSE8eU6V:LFwBWgrzeIyw7FgFwBWgrzLTL1wC
TLSH	T1BFD0C7C90853794045486CC73567837FA582C7DC515B4BDE5DCC1539A58D754F490B41
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.143.1.32/mips	6cb427e528d9d6e68e43e97ff0f81ddd5768458159561d0fafdb5dffd0b6f7b2	Mirai	32-bit elf gafgyt mirai
http://193.143.1.32/mpsl	86c056be36634614be66908d7f0972d73bb765bad533391385adf9656ac0151e	Mirai	elf gafgyt mirai ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

90

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67a97073f667f46cd182c3bflinux22vpnfull_triage

Tags:

trojan hype sage

Result

Verdict:

UNKNOWN

Score:

1%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/a46ad111abdfe25c7ef77e3aeb5e96c9e98a50bfef2c8122324bd5e58168d51f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a46ad111abdfe25c7ef77e3aeb5e96c9e98a50bfef2c8122324bd5e58168d51f/

Threat name:

Script-Shell.Browser.Tsunami

Status:

Malicious

First seen:

2025-02-10 03:17:14 UTC

File Type:

Text (Shell)

AV detection:

5 of 24 (20.83%)

Threat level:

4/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=urvncenl37rfy7xxpy5owxuwzhuyuuf754wicirsjpk6lali2upq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery

Link:

https://tria.ge/reports/250210-ds446azrav/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a46ad111abdfe25c7ef77e3aeb5e96c9e98a50bfef2c8122324bd5e58168d51f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh a46ad111abdfe25c7ef77e3aeb5e96c9e98a50bfef2c8122324bd5e58168d51f

(this sample)

elf 834b00373b7c589d9032bc8b06c66adab67ada1e1ae700356f05d252d94c04eb

URLhaus

https://urlhaus.abuse.ch/url/3424087/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3424028/

Dropping

MD5 3e97bfe89f2f60387a15d19dcecc3fbc

Dropping

SHA256 834b00373b7c589d9032bc8b06c66adab67ada1e1ae700356f05d252d94c04eb

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample