MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be0eb318023124edbbf9be144a292f2e0ef409a0bd4aa2df0f21352330ce8be2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	be0eb318023124edbbf9be144a292f2e0ef409a0bd4aa2df0f21352330ce8be2
SHA3-384 hash:	4595b79efda7a86ba3fa1c83232121ecd5551389b6f0186e0bb4e6864fc579c6acad5b8225183bc47bc5ada95a42ee38
SHA1 hash:	8c2dac0ab9be37cde3fe00706258b8df50db58ad
MD5 hash:	8d21f1c960db87329aff091b8bbd5548
humanhash:	triple-mike-tango-pip
File name:	cn
Download:	download sample
Signature	Mirai Create hunting rule
File size:	534 bytes
First seen:	2025-01-21 02:17:02 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	6:LwWgrebTNXbYCDwWgrfK12XyXICDwWgr3OvmXZi/DwWgr3LoXZJDwWgr3hNIF+KM:PTNXMm2XhNOeXpLoXehNIbMXvNq7XI
TLSH	T1A2F06288A962BA430A2CEDAE7277199C6453C78C888FDBDD6F8514398C68E44F01CA04
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.143.1.54/mips	4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74	Gafgyt	501 censys elf gafgyt mirai ua-wget
http://193.143.1.54/mpsl	18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95	Gafgyt	501 censys elf gafgyt mirai ua-wget
http://193.143.1.54/arm	c3ec245cdc58d8b25e12470a44404e2a135fbdb77fa3fb6045ac82e830774b32	Mirai	501 censys elf mirai ua-wget
http://193.143.1.54/arm5	1bdfd29df98654dc39b4b47610dbc96a0f5648f60eaa86a376819116e26a3c64	Mirai	501 censys elf mirai ua-wget
http://193.143.1.54/arm6	ac5a14d2642519096868b1354376b89e221a7da37035ff265cb6a60ca8a2295b	Mirai	501 censys elf mirai ua-wget
http://193.143.1.54/arm7	95e6dc726730b384f3076adbf92ec1036bc7c104438a3e5204e6d03e9926143e	Mirai	501 censys elf mirai ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

94

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=678f4dbab5602ee8cdae3e84linux22vpnfull_triage

Tags:

mirai virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/678f03a7c485acb3170f3522/reports/6ba5b41b-c864-436c-829a-8e219da75be0/overview

Verdict:

Malicious

Labled as:

Downloader/Shell.Generic

Link:

https://www.hybrid-analysis.com/sample/be0eb318023124edbbf9be144a292f2e0ef409a0bd4aa2df0f21352330ce8be2

Result

Verdict:

UNKNOWN

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/be0eb318023124edbbf9be144a292f2e0ef409a0bd4aa2df0f21352330ce8be2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/be0eb318023124edbbf9be144a292f2e0ef409a0bd4aa2df0f21352330ce8be2/

Threat name:

Linux.Trojan.Generic

Status:

Suspicious

First seen:

2025-01-21 05:27:03 UTC

File Type:

Text (Shell)

AV detection:

17 of 37 (45.95%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xyhlggacgeso3o7zxykeukjpfyhpicnaxvfkfxypee2sgmgorpra._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250121-h931mssqbr/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/be0eb318023124edbbf9be144a292f2e0ef409a0bd4aa2df0f21352330ce8be2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh be0eb318023124edbbf9be144a292f2e0ef409a0bd4aa2df0f21352330ce8be2

(this sample)

elf 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

URLhaus

https://urlhaus.abuse.ch/url/3407911/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3408119/

URLhaus

https://urlhaus.abuse.ch/url/3407996/

URLhaus

https://urlhaus.abuse.ch/url/3407560/

URLhaus

https://urlhaus.abuse.ch/url/3407705/

URLhaus

https://urlhaus.abuse.ch/url/3407855/

URLhaus

https://urlhaus.abuse.ch/url/3407651/

Dropping

MD5 ebaf6768ac8705e48d2403468bf8df74

Dropping

SHA256 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

URLhaus

https://urlhaus.abuse.ch/url/3408128/

URLhaus

https://urlhaus.abuse.ch/url/3407569/

URLhaus

https://urlhaus.abuse.ch/url/3407848/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample