MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb534229daec1068faec40dc90ed744606ffa1f31e3873046f13fad0684874ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: bb534229daec1068faec40dc90ed744606ffa1f31e3873046f13fad0684874ab
SHA3-384 hash: c73d581dbc8d7741502223b9fc13602a88d26e32cadddbc59fb6fe37942c2f6758f9373579bc98a81608d99831641c3a
SHA1 hash: a4228b69c7698b7b0b5325ccbc7248e17b59ae84
MD5 hash: 6771236c26c98bd81b5e8d10180651a1
humanhash: sodium-sierra-wyoming-oven
File name: wget.sh
Signature: Mirai
File size: 1'353 bytes
First seen: 2024-12-26 09:11:52 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:Ts1oj6XwarNIfBRKhI88rG31dwwdoHJhjmFCDv:AyjALURZ1rG3jRdYJpdz
TLSH: T1CA210EC61322DC0A43FFDF8A75154458F050D5A768AFD7AC9C4D8D7AA5A1304F0B6E58
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug evasive lolbin remote
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2024-12-26 09:12:13 UTC
File Type: Text (Shell)
AV detection: 12 of 23 (52.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
