MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf12279c963dd997355aed61398e9970cc09219060dc82f1d88bf1377074ff6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	cf12279c963dd997355aed61398e9970cc09219060dc82f1d88bf1377074ff6a
SHA3-384 hash:	266b6400c3541aab91c32181accdff333e6a6ce651d9ef923f339f69cc4169f2af0c8d1a9595352deeec20da57008839
SHA1 hash:	2b8bcd160bfde5324cd83f184dfeb0f015f98000
MD5 hash:	1fbed4f71982260f171140daff3c91d7
humanhash:	march-rugby-robin-alpha
File name:	bins.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	10'746 bytes
First seen:	2024-11-28 02:31:31 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	96:iQTLjSuQKfSggudpbmWmxFTq7u7L78IsosjSggudpPPmWmxFDAUVOnu7L78Idnqp:tTLjSuQKfVmWmxF27DNmWmxF8TLjSuL
TLSH	T11F22EDDA03E8397095498D386B646DD073D85FE2DCC28E96AA8C2897C24BFC57D37B41
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

File Origin

# of uploads :

1

# of downloads :

99

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.31244.LX.BOT.UNOFFICIAL

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Sanesecurity.Malware.30787.LX.BOT.UNOFFICIAL

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6747d7ead0583382434b9279linux22vpnfull_triage

Tags:

gafgyt mirai

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox evasive

Link:

https://www.filescan.io/uploads/6747d6248f37cc1861ff395c/reports/0c3e3899-1a12-460c-b4c0-237dd3db3bfb/overview

Score:

1%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/cf12279c963dd997355aed61398e9970cc09219060dc82f1d88bf1377074ff6a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cf12279c963dd997355aed61398e9970cc09219060dc82f1d88bf1377074ff6a/

Threat name:

Linux.Downloader.Dwnlodr

Status:

Malicious

First seen:

2024-11-28 02:32:06 UTC

File Type:

Text (Shell)

AV detection:

16 of 38 (42.11%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=z4jcphewhxmzonk25vqttduzodgasimqmdoif4oyrpyto4du75va._file

Result

Malware family:

n/a

Score:

9/10

Tags:

antivm defense_evasion discovery execution linux persistence privilege_escalatio

Link:

https://tria.ge/reports/241128-c1ad3s1paw/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

Creates/modifies Cron job

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Renames itself

Contacts a large (1812) amount of remote hosts

Creates a large amount of network flows

Malware family:

Mirai

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/cf12279c963d/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cf12279c963dd997355aed61398e9970cc09219060dc82f1d88bf1377074ff6a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh cf12279c963dd997355aed61398e9970cc09219060dc82f1d88bf1377074ff6a

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3273898/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample