MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb6a75eac60c52eb321a3d01b38a371316fa17d07b74e371ad78c186ae649198. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	bb6a75eac60c52eb321a3d01b38a371316fa17d07b74e371ad78c186ae649198
SHA3-384 hash:	77d6b76e3a52bbb4e686f0143f8334e13e28c79d9f0f3067cf351854f52709a5aad78145fc495d6b825a84c36ba87c69
SHA1 hash:	f95aaf171eb790ad90fc9da3dbd6a113237784dd
MD5 hash:	3b170b39e719ed18e597041891578daf
humanhash:	eleven-arkansas-queen-fruit
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	778 bytes
First seen:	2025-02-09 19:41:08 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:Jj+Uq+QNIl5zA+50LKj+gOs+EC+2/+DSE+2taKA+Ej+siA+0fAUv:JfQNI7GKxrOIBtBS7xv
TLSH	T19A01CC9D311157950C0E9D0370AA0AC4964EE3C07278AF9DE94C487B5CD9605749CFBF
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://160.191.245.128/arm	e4e9888ee3da1cf1881054380aa3f3e5e870791cef748434a6ee960042b2263e	Mirai	censys elf mirai moobot
http://160.191.245.128/arm5	6fff4613e86ec31a62ac216f4d8165540bf848d12c1c56210943d34d24ba2e98	Mirai	censys elf mirai moobot
http://160.191.245.128/arm6	bfd77e47ec2a24abef601efe5aabc33c1ce7bb09b2a6c49bc1cc74b2ac487f70	Mirai	censys elf mirai moobot
http://160.191.245.128/arm7	877e42a47d8eb971c4e4d1a5e336048ed4fc6bc5d448b6c163a34e080a6fc071	Mirai	censys elf mirai moobot
http://160.191.245.128/m68k	fba19afd35d37cac554b2594a4ccc73a485ec495d6843889a81169ec3b49fee1	Mirai	censys elf mirai moobot
http://160.191.245.128/mips	859bf0ab1e056057e423b613b1bdf557f4c5f55cfd39c770385e3aa978b0b9ca	Mirai	censys elf mirai moobot
http://160.191.245.128/mpsl	fb3887f0459af8f20a6368853887281b00e507859955105b0acbb16caa7937f5	Mirai	censys elf mirai moobot
http://160.191.245.128/ppc	4c69ccc4c590186eb6045441e1a97ecfa3ef83956e8acde302e8fbc29603cee9	Mirai	censys elf mirai moobot
http://160.191.245.128/sh4	172ac7badb194e01c2c7a62ca934363389031a8e0523c36d6567af9be3b15a8b	Mirai	censys elf mirai moobot
http://160.191.245.128/spc	4cd16e7f9d1134a83f9526243b533ca37cb3d39373909f3330849164fe129ead	Mirai	censys elf mirai moobot
http://160.191.245.128/x86	7ffbd075d9180401fb5f1d453af42e45135a8d08e07604c71af4d3f1fcebcf2b	Mirai	censys elf mirai moobot
http://160.191.245.128/x86_64	1ebe6d1924ccb4b64931026e44a0425d00ca12a237ac1c3d93e5b7c0937e13c5	Mirai	censys elf mirai moobot

Intelligence

File Origin

# of uploads :

# of downloads :

117

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67a905b6f667f46cd182ba1blinux22vpnfull_triage

Tags:

trojan agent miner

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/bb6a75eac60c52eb321a3d01b38a371316fa17d07b74e371ad78c186ae649198

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bb6a75eac60c52eb321a3d01b38a371316fa17d07b74e371ad78c186ae649198/

Threat name:

Script-Shell.Downloader.Mirai

Status:

Malicious

First seen:

2025-02-09 19:42:21 UTC

File Type:

Text (Shell)

AV detection:

16 of 24 (66.67%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xnvhl2wgbrjowmq2hua3hcrxcmlpuf6qpn2og4nnpdaynltesgma._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery

Link:

https://tria.ge/reports/250209-yd8h9a1jdy/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bb6a75eac60c52eb321a3d01b38a371316fa17d07b74e371ad78c186ae649198

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh bb6a75eac60c52eb321a3d01b38a371316fa17d07b74e371ad78c186ae649198

(this sample)

Mirai

elf 930ada811e8b3711ed6b90a1b23972ba06205c0ae24748295f77cde0f6abada2

URLhaus

https://urlhaus.abuse.ch/url/3433730/

Delivery method

Distributed via web download

Dropping

MD5 fb21ec1102b906fd5e36fa2329d7c8fc

Dropping

SHA256 930ada811e8b3711ed6b90a1b23972ba06205c0ae24748295f77cde0f6abada2

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample