MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab9c458e9f870f39c5066df3d40b83358e2a84817834974a338d645a657d8e9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: ab9c458e9f870f39c5066df3d40b83358e2a84817834974a338d645a657d8e9a
SHA3-384 hash: f6defdddab0d51a7c705e187637321621d49d0817d6d69e3e60ec9198f178ddb1340473571618507051ca783f414475e
SHA1 hash: 7ab751d535b6a5db2c1fa1b37dc42746ea3d6e9c
MD5 hash: 435b552095502a5e482905e2ff30a0c9
humanhash: spring-don-december-mirror
File name: x.sh
Signature: Mirai
File size: 3'427 bytes
First seen: 2025-01-11 06:57:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:sF+QiiibMTgVkttNwK3gV2E+s/qyqF++iiibMPVIV0ttDiKPgVYEks/ky9:ergYsCRTg4ssC
TLSH: T1DD61F40074735C6A7EE2A88FB17AC50977E5344E1CE19FC1B0ED76BA908DD487A82323
Magika: shell
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Result
Verdict: MALICIOUS
Threat name: Script-Shell.Trojan.MiraiA
Status: Malicious
First seen: 2025-01-11 03:07:01 UTC
File Type: Text (Shell)
AV detection: 11 of 37 (29.73%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
