MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b92d3b596120227d2dc6cca8de4b6bbe2034b18244a25194c428ebf790941e2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: b92d3b596120227d2dc6cca8de4b6bbe2034b18244a25194c428ebf790941e2e
SHA3-384 hash: e7cdaaae7be05aa477c3419af3425369ce10a54c4f97a149fb062c5ab3edca7fba311d1b77639dbeb7fba22ef90d1952
SHA1 hash: 67717735c07ac2f7a1d073220052b29fef69f008
MD5 hash: b1bfb1ff9d8765c31e83f0ee9012cb1d
humanhash: uranus-south-alpha-shade
File name: jack5tr.sh
Signature: Mirai
File size: 2'093 bytes
First seen: 2025-03-03 14:56:35 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vDyd6L6k6Rld6i4M67G6J6M/HZ6f6Th6Q6g6aPe9:veAePrAi07584HMS4brX
TLSH: T1384157DA32514FB12C67A96372FA48C4B184E0C555D8BEC8D9ED78F8888DD0975C8AF3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Moobot
Status: Malicious
First seen: 2025-03-03 14:57:19 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (243657) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download
