MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aec2307ab143bdb69788d40e53c8fccf442dd7de82d76e28e4594a897e3590df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aec2307ab143bdb69788d40e53c8fccf442dd7de82d76e28e4594a897e3590df
SHA3-384 hash: aa1bc2abeed6e41a82354d8bbbcc1a09534fdf471311144cc378b62329d4b880546514aca35447d444d14cb40b814860
SHA1 hash: 2c7a708bfdc2c51d292d6cff5360a09fd6407632
MD5 hash: a12622c507ea7f875cbbdc44d5d39709
humanhash: three-july-kitten-lion
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:910 bytes
First seen:2025-01-24 21:36:38 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:3J3YW3K8WNIqxzKxi2PgZ1k1xoTOu14HR:WW3K8+xzSi2PgZ1YoTOI4x
TLSH T15A11CE9E1299D2C22B1DCDC771ADCC0CB252A7D9B5B8D731FC648C32419A3623845BB7
Magika txt
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://46.203.233.54/bot.arm60d712bc943f1b25405576304dd1e6ecc2d77979d25655a8a2f9b48844cf62f4 Miraielf mirai ua-wget
http://46.203.233.54/bot.arm5e4b00b9c3b2ea39757c962be76f2a077bebf69257bd8826b80884663864db508 Miraielf mirai ua-wget
http://46.203.233.54/bot.arm6f1fad1ffc73042775e2fc8f608c5f6a0ffb2495ff4619004ad66c1083aa9cfb4 Mirai32-bit elf mirai
http://46.203.233.54/bot.arm7c2f47dfdb6b1de9f3cc6cee840dcaa037055f5018219dc954b3ce10f46641675 Mirai32-bit elf mirai
http://46.203.233.54/bot.m68kcdd4d3538d5b1b24e362a4d38bbe4a6186f518e8684963c5300e6666652f6be7 Miraielf mirai ua-wget
http://46.203.233.54/bot.mips7d03951f444b46f7462d14d653ebd72819a8bd1597f132620cdc76f084a40143 Miraielf mirai ua-wget
http://46.203.233.54/bot.mpsl49026d339f95feb832ff21c1c6e443922fac17ffb3755cbc26da2f573df5a9ce Miraielf mirai ua-wget
http://46.203.233.54/bot.ppc562f897feaa5066ae61d29c0a528ee43aa48144f66a8305eb18b7b710acd90e8 Miraielf mirai ua-wget
http://46.203.233.54/bot.sh4d3ac5a012bba30aa68258d5aa1bc4b692d84f708d7a993553cc3c2d33ab12258 Miraielf mirai ua-wget
http://46.203.233.54/bot.spcn/an/an/a
http://46.203.233.54/bot.x865c60f217aefb31989c18abf629e09413213045a9b59131128647ae1aafbfb73b Miraielf mirai ua-wget
http://46.203.233.54/bot.x86_6416fef6652f7bfaa99b4c6f363d839c4ff782e4db905a8fdd06ddba3615670c89 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.30762.LX.BOT.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=679408b1b5602ee8cdb05946linux22vpnfull_triage
Tags:
downloader trojan agent
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
bash lolbin remote
Link:
https://www.filescan.io/uploads/679408032a1b30f5047933f0/reports/d07179d4-f355-4ece-adbc-725f920cdcd9/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/aec2307ab143bdb69788d40e53c8fccf442dd7de82d76e28e4594a897e3590df
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aec2307ab143bdb69788d40e53c8fccf442dd7de82d76e28e4594a897e3590df/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-01-24 21:37:06 UTC
File Type:
Text
AV detection:
14 of 38 (36.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v3bda6vrio63nf4i2qhfhsh4z5cc3v66qllw4khelffis7rvsdpq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250124-1gfzhs1mbq/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Mirai
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/aec2307ab143bdb69788d40e53c8fccf442dd7de82d76e28e4594a897e3590df

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh aec2307ab143bdb69788d40e53c8fccf442dd7de82d76e28e4594a897e3590df

(this sample)

Mirai

elf 60d712bc943f1b25405576304dd1e6ecc2d77979d25655a8a2f9b48844cf62f4

  
URLhaus
https://urlhaus.abuse.ch/url/3412746/
  
Delivery method
Distributed via web download
  
Dropping
MD5 93851423def03d8829eb0670d1d2e5e6
  
Dropping
SHA256 60d712bc943f1b25405576304dd1e6ecc2d77979d25655a8a2f9b48844cf62f4

Comments