MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b270963da620a5738da63a65e5f9d4bb6a9012a2b7471f39c4b2f495510bb01f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: b270963da620a5738da63a65e5f9d4bb6a9012a2b7471f39c4b2f495510bb01f
SHA3-384 hash: e3d9da1e82bfab49565c36e6cf81af8277e2ffa2892a8742eccea2ca8b062bee1a35c3fbc7fdd92f93e1db94c09ce563
SHA1 hash: 6abe26eb12cbb5f51bdd42c3eba91b1d3ed5fd45
MD5 hash: 82e91a07ab5973e0b248e7195c76936c
humanhash: echo-april-nineteen-twelve
File name: lkjlkjljljljlaasdlasd.sh
Signature: Mirai
File size: 1'357 bytes
First seen: 2024-12-25 07:51:09 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:MB6jJjOjp/jrrNIJjtRKsjII88rG3DjlZjndKjdnjtmUjBIPv:q6FjO9/PWhRjUI1rG3D5Z7dKBnRDFIX
TLSH: T13421A0852311DD8663FF8FCA36218849F010C7B7789FD7ACCC4E8C6D5A91204F4AAE58
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 133
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 96.5%
Tags: downloader mirai virus html

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug evasive lolbin remote

Result
Verdict: UNKNOWN
Threat name: Document-HTML.Trojan.Multiverze

Status: Malicious
First seen: 2024-12-24 15:06:41 UTC
File Type: Text (Shell)
AV detection: 14 of 23 (60.87%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
