MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8ba4c2c4c6c3539897aaf3b7cff7328bebbcbe1fe60ac8a4b8e83d2cf9a9f89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	b8ba4c2c4c6c3539897aaf3b7cff7328bebbcbe1fe60ac8a4b8e83d2cf9a9f89
SHA3-384 hash:	dbe6d7d79ac5c3674c90c1ddefb8540cdb9f164798a37b2df15241d2bfe75e26c66710e53e1ac595221fee85cc8bc308
SHA1 hash:	e8eee7aef7adfbe05c04ad0078aa1e2e085960e4
MD5 hash:	14a47ff3ca2226dd1d3460f13d72d07a
humanhash:	foxtrot-salami-nebraska-sweet
File name:	c.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	774 bytes
First seen:	2025-03-26 20:57:14 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:3J3VExqxVaRHxVrNIjlTBAxV4iKl2ExVh81xVedKAxVf9qxVuFG10qxVN6ZxV5hy:3J3yxL5NIpOKlm0m1634Rn
TLSH	T1C1010CDC427166261B2CCE5DF76F9108548299D0F7721D09E85804AA9CEC38BF065F97
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.32.162.27/bins/parm	08984a611ad4418504d468a1fe64b509c03a5248d221ceb548a618309cb6dee1	Mirai	elf mirai
http://193.32.162.27/bins/parm5	7086e3187ff903595871f8f2cd65c37275efc5348591c3fa6508ccd665f2abaf	Mirai	elf mirai
http://193.32.162.27/bins/parm6	79e10cafec2223778f3c8e792d64cd4f71fc1328e47cb28a3f377bc2680561d7	Mirai	elf mirai
http://193.32.162.27/bins/parm7	b81bb64eb774619193e55844ab2cedd1df6f7393dadbde64dd3f346c1a0f740a	Mirai	elf mirai
http://193.32.162.27/bins/psm68k	n/a	n/a	n/a
http://193.32.162.27/bins/psh4	3ca4e81d75c1e5676528a887cfdd04a6811f38098d14d2c92abb861aae2eb820	Mirai	elf mirai
http://193.32.162.27/bins/pmips	c90123178eb93e2fa8c843507d8c388b6cc5331c0e130a11e44c5f009d721394	Mirai	elf mirai
http://193.32.162.27/bins/pmpsl	6802100b58427ba2a7551675a48db11f6961452b50081f44ec429aaec9a523b8	Mirai	elf mirai
http://193.32.162.27/bins/pppc	acbcff5c1ed25d46c41a7ddb6412fecc83b7452d4c6641d3a41fc92c97dd8508	Mirai	elf mirai
http://193.32.162.27/bins/px86	a2d91163eeefbc033b7f4aad57635df36c770a8a2f7864e78d8831739c1d9da6	Mirai	elf mirai
http://193.32.162.27/bins/pspc	cd16e244412355b703d39015aae6803d32307f831af3f8ac41155e3c7d97d8f3	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e46a30cb6d38a89f3e7e13linux22vpnfull_triage

Tags:

agent hype sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67e46a2ef274bf2d8e241c4d/reports/0d700a85-8b42-4115-87f2-de09bfa994a5/overview

Result

Verdict:

UNKNOWN

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/b8ba4c2c4c6c3539897aaf3b7cff7328bebbcbe1fe60ac8a4b8e83d2cf9a9f89

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b8ba4c2c4c6c3539897aaf3b7cff7328bebbcbe1fe60ac8a4b8e83d2cf9a9f89/

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-03-26 20:58:15 UTC

File Type:

Text

AV detection:

9 of 24 (37.50%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xc5eylcmnq2ttcl2v45xz73tfc7lxs7b7zqkzcslr2b5ft42t6eq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250326-zrq2sssygy/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b8ba4c2c4c6c3539897aaf3b7cff7328bebbcbe1fe60ac8a4b8e83d2cf9a9f89

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b8ba4c2c4c6c3539897aaf3b7cff7328bebbcbe1fe60ac8a4b8e83d2cf9a9f89

(this sample)

Mirai

elf f4a33ba766bb8ad1b5e07429a771840d2ef1782949b789a352f8110773bb3aac

URLhaus

https://urlhaus.abuse.ch/url/3491009/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3459046/

Dropping

MD5 dac23384f897c5a29ad94da7914fd993

Dropping

SHA256 f4a33ba766bb8ad1b5e07429a771840d2ef1782949b789a352f8110773bb3aac

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample