MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb6df47b9bcf965c118c7764aecced4923cdf6c8e489be3ad2b8fe72ddca0248. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	cb6df47b9bcf965c118c7764aecced4923cdf6c8e489be3ad2b8fe72ddca0248
SHA3-384 hash:	38fdb87beb820cf21205cf00a7ad5165f098c81e175db723a008990c4b6b7625b6e7642eb79e77e3459723c6a3ed01b8
SHA1 hash:	b62982d2c840a1d44ccc27b1609ac6677c22fad2
MD5 hash:	fa2d0c8de44dcf96c04ad5cde60a2986
humanhash:	quiet-fix-echo-robin
File name:	o.xml
Download:	download sample
Signature	Mirai Create hunting rule
File size:	665 bytes
First seen:	2025-03-29 13:56:35 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:FzY8id/7JAC7akxGWi2jX0KTkkjtx51n5hpnv:FzY8k1/sWi2jkwtP15r
TLSH	T12A0146DCF1BCCB91099DC58AF6B061048482D0C7E2F55BC9F28D0820AF04E8E366364D
Magika	xml
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.32.162.27/bins/px86	a2d91163eeefbc033b7f4aad57635df36c770a8a2f7864e78d8831739c1d9da6	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

1

# of downloads :

72

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e8fefe855e5ec5240a0a8blinux22vpnfull_triage

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

masquerade opendir opendir

Link:

https://www.filescan.io/uploads/67e7fc3b631830704a8af3a2/reports/05226274-d000-4e00-b0de-0891c11a989d/overview

Verdict:

Suspicious

Labled as:

Linux/TrojanDownloader.SH

Link:

https://www.hybrid-analysis.com/sample/cb6df47b9bcf965c118c7764aecced4923cdf6c8e489be3ad2b8fe72ddca0248

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/cb6df47b9bcf965c118c7764aecced4923cdf6c8e489be3ad2b8fe72ddca0248

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cb6df47b9bcf965c118c7764aecced4923cdf6c8e489be3ad2b8fe72ddca0248/

Threat name:

Script-JS.Malware.Heuristic

Status:

Malicious

First seen:

2025-03-29 00:28:00 UTC

File Type:

Text

AV detection:

1 of 36 (2.78%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=znw7i643z6lfyemmo5sk5thnjer435wi4se34owsxd7hfxokajea._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cb6df47b9bcf965c118c7764aecced4923cdf6c8e489be3ad2b8fe72ddca0248

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh cb6df47b9bcf965c118c7764aecced4923cdf6c8e489be3ad2b8fe72ddca0248

(this sample)

elf 48149300436783604a0ba8626ceba9d4060efad73592fcee69fc5cc8eedc6028

URLhaus

https://urlhaus.abuse.ch/url/3493635/

Delivery method

Distributed via web download

Dropping

MD5 4995d05bf5468109373f0a5608ec3793

Dropping

SHA256 48149300436783604a0ba8626ceba9d4060efad73592fcee69fc5cc8eedc6028

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample