MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7ee96668b0fd8c50cffe2301c86ebbb802e08472f82554488663be2226bfe4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: c7ee96668b0fd8c50cffe2301c86ebbb802e08472f82554488663be2226bfe4e
SHA3-384 hash: 99060e8635f47c3fb84a2410a053ff98dab3c5a9cab3f14ed17ceccdf7b9b144fc4bff9b3ecaee89bdcd01535c1ac9fa
SHA1 hash: b55f81de6645178bd311a0cc229f16d4b0f1bd67
MD5 hash: 8959bd51dc5167cc2d366f000f40182a
humanhash: equal-venus-high-solar
File name: adb
Signature: Mirai
File size: 419 bytes
First seen: 2025-02-10 16:56:24 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:hW7Qj/WOIAloW6qVWiNIl5zA7HEW3f0LKje:I7QaxIx6NiNI7a6Ki
TLSH: T16AE037D8F93956B71958CD0CF07A88446457E3C45079C3CC6C4E183D217491870D8F48
Magika: shell
Reporter: abuse_ch
Tags: sh
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://31.57.102.68/arm | d61588f19991b7c9b60acd508ff38bbbfa4224a818db357afbd67d6109dcd4ac | Mirai | elf mirai ua-wget |
| http://31.57.102.68/arm4 | d61588f19991b7c9b60acd508ff38bbbfa4224a818db357afbd67d6109dcd4ac | Mirai | ddos elf mirai |
| http://31.57.102.68/arm5 | bdda53da099bc4a8ceaa1ef191dba0bbe027dc5882b81b28ce9a8372f33863bc | Mirai | ddos elf mirai |
| http://31.57.102.68/arm6 | 7789cc1cbd2719df2061b3189a2daef7dc87c0beeb40d54b6857a8e24d991c28 | Mirai | ddos elf mirai |
| http://31.57.102.68/arm7 | 3f31d0b03c56cf6524a7915cb9aa46cd0144cc045b493d7f14a074a1b29a7353 | Mirai | elf mirai ua-wget |

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: mirai virus shell html
Result
Verdict: UNKNOWN
Threat name: Linux.Downloader.Mirai
Status: Malicious
First seen: 2025-02-10 18:15:29 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 8/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
