MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 caa026c5bbccfceb854e3d7af77d1f586b48024b6f395baae2e9cd4c82a382ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	caa026c5bbccfceb854e3d7af77d1f586b48024b6f395baae2e9cd4c82a382ac
SHA3-384 hash:	9ec993c8529c860f43fe38973ff30251eea7be5f3912ed4bb83f5ec03ec850a3460f410b7dcae555dc9cbe4c1201b07b
SHA1 hash:	fc8d5ad8ef6b052021e620cbcb82f89459bddbb9
MD5 hash:	64a708c8763115bdba6cbd152131b86e
humanhash:	utah-failed-sodium-maryland
File name:	w.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'044 bytes
First seen:	2025-02-27 19:02:27 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:wBg01wNIIoKKSfK2ml95W9molATl0wUq0/HA:wBg01moKxfK2g95W9molATl0wUq0/g
TLSH	T1E411A2CF02B1A82949ECDC4C32AE6218A97DC6D13051CFACDD4C46BB7597AB4AD06F0C
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://154.62.226.41/main_arm	e7de0daf2aa863e2918a712a6ba2dc9e13dafa40f1052d5868cd0808968db022	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_arm5	734d18288048e79e81ef5d34f26de0063b6cafe42a5f6dbdd945bfe8fb8e5b96	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_arm6	b6514b170d91b411c13ba070e8e7cfd2e9ad98e4d77874b64821d3b7a8c74906	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_arm7	5b138834bf6b729b1281c962bfdb4c2dbef3b5478c2b200c18f39a77c1bf433c	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_m68k	82f996a815055be678e562fb3a72a09bc30f187f17c417a64520e749c497c9f1	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_mips	e3b530b95f981b23945378bf562089e2acb21ae08d82a5dc7b2bb5495d27e72a	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_mpsl	63484602a19f0428e4fdd88591b119f37519e2e11eee1d041017f065daf036d2	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_ppc	64c88b73c5c8cbfab69eac6ee84b700338240cc3485bd9a22c50144b0591626f	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_sh4	435ab8ef0256940b9f2e181d8bc97ee2077583a5e8ee5cc974e9fe138f740f6e	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_spc	0b4c1a8d856eb38d093b610be105c39c6bfc55701f0d68d485a20e1c434b8d8a	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_x86	39c9a49a85178c7cd1d23266464e804fb415980540207e432276a7439cf4c2a3	Mirai	elf fbi.gov mirai moobot
http://154.62.226.41/main_x86_64	729a9b975d43fab9c2e504624d1d9f9dde5ea27e20ed8ea5f19cfc5a8946b06a	Mirai	elf fbi.gov mirai moobot

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67c0b7192dfba428b46ee4e9linux22vpnfull_triage

Tags:

hype sage

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

bash lolbin mirai remote

Link:

https://www.filescan.io/uploads/67c0b6f9e95d0f9029e12b27/reports/c855a428-512d-44b1-ac1b-5fb263c44787/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/caa026c5bbccfceb854e3d7af77d1f586b48024b6f395baae2e9cd4c82a382ac

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/caa026c5bbccfceb854e3d7af77d1f586b48024b6f395baae2e9cd4c82a382ac/

Threat name:

Script-Shell.Downloader.Heuristic

Status:

Malicious

First seen:

2025-02-27 19:03:16 UTC

File Type:

Text (Shell)

AV detection:

11 of 24 (45.83%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zkqcnrn3zt6oxbkohv5po7i7lbvuqasln44vxkxc5hguzavdqkwa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250227-xqek9svyhx/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/caa026c5bbccfceb854e3d7af77d1f586b48024b6f395baae2e9cd4c82a382ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh caa026c5bbccfceb854e3d7af77d1f586b48024b6f395baae2e9cd4c82a382ac

(this sample)

Mirai

elf e7de0daf2aa863e2918a712a6ba2dc9e13dafa40f1052d5868cd0808968db022

URLhaus

https://urlhaus.abuse.ch/url/3460019/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3460066/

Dropping

MD5 3713947ffc337850baa678147cf66e26

Dropping

SHA256 e7de0daf2aa863e2918a712a6ba2dc9e13dafa40f1052d5868cd0808968db022

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample