MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0a47c2b71332cbb3f7d3237a1bdb32c1a4fd29df5801cbfe4998e41596d3a43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: c0a47c2b71332cbb3f7d3237a1bdb32c1a4fd29df5801cbfe4998e41596d3a43
SHA3-384 hash: b522f9577db018d4ecc55cb16826d7cd92439b25a1ff7f61bfecc0ed1eeed819d23625b285e5f77de17a132b0dd6f312
SHA1 hash: 8e9e0c9cb4506f1eb586830bdb7c3bafb5fde15e
MD5 hash: c7fe38ae597ea8b5329bedb0f5787050
humanhash: undress-shade-social-zulu
File name: dvr.sh
Signature: Mirai
File size: 874 bytes
First seen: 2025-02-16 20:22:02 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:hQHoQL9QnNIqiQuKxjQ8QTQJ6QzQV1oiQaHQgQP:hQHoQL9QniQuSjQ8QTQJ6QzQHQaHQgQP
TLSH: T1BC1130CEB096E086043ADDDE2159DC0A6014ABD874BD5B39FDE54D3740E95123424BAA
Magika: txt
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 104
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 95.7%
Tags: downloader trojan agent

Result
Verdict: UNKNOWN
Threat name: Linux.Trojan.Mirai
Status: Malicious
First seen: 2025-02-16 20:22:39 UTC
File Type: Text (Shell)
AV detection: 14 of 37 (37.84%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour:
  Modifies registry class
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery
  System Network Configuration Discovery: Internet Connection Discovery
  Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
