MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d549242a3bbc2c0dfb0f59403bb2f7564df4e6a4976c92633cb67344422e835f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	d549242a3bbc2c0dfb0f59403bb2f7564df4e6a4976c92633cb67344422e835f
SHA3-384 hash:	4672c7dd8c2e07d30fefad89f6a546dc37ce4a3fe907cd0dd2c4493fe9964d0611382d4421d9cacd70eeecb80dbad634
SHA1 hash:	f5fb43d6e5896bc36fd5359be38d8400f7415de2
MD5 hash:	ce33676f9ab8e6d9c8c87ae1f5896645
humanhash:	don-sierra-washington-august
File name:	arc
Download:	download sample
Signature	Mirai Create hunting rule
File size:	269 bytes
First seen:	2025-03-02 16:46:34 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	3:TKH/qMRXuljGVjKgqqROnQzanFCKl2f0FAI4zGVKRniqI4zGVKRnBqEEccJKocA0:JQwjGV24RzOnFflE0FX4z3niJ4z3nF20
TLSH	T13BD05ECB008247F05DC9553B32669D58BADAA267AFD30D81B6AC24F2C98DF907581593
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://83.147.13.230/Yboats.arc	4bd47f2ad2d89f4e034c979a2a258f8ba622d629aca35c535db455da81471a70	Mirai	censys elf mirai

Intelligence

File Origin

# of uploads :

1

# of downloads :

91

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67c48c65c668b65489be6896linux22vpnfull_triage

Tags:

downloader agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox

Link:

https://www.filescan.io/uploads/67c48b9be95d0f9029e272fa/reports/d1839c6d-7d50-4829-af26-8dc5f34b22c2/overview

Result

Verdict:

UNKNOWN

Score:

13%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/d549242a3bbc2c0dfb0f59403bb2f7564df4e6a4976c92633cb67344422e835f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d549242a3bbc2c0dfb0f59403bb2f7564df4e6a4976c92633cb67344422e835f/

Threat name:

Linux.Downloader.ShWg

Status:

Malicious

First seen:

2025-03-02 16:47:20 UTC

File Type:

Text (Shell)

AV detection:

11 of 38 (28.95%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2vesikr3xqwa36yplfadxmxxkzg7jzves5wjeyz4wzzuiqroqnpq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm defense_evasion discovery linux

Link:

https://tria.ge/reports/250302-vakq8syqz5/

Behaviour

Reads runtime system information

Writes file to tmp directory

Checks CPU configuration

File and Directory Permissions Modification

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d549242a3bbc2c0dfb0f59403bb2f7564df4e6a4976c92633cb67344422e835f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh d549242a3bbc2c0dfb0f59403bb2f7564df4e6a4976c92633cb67344422e835f

(this sample)

elf 4bd47f2ad2d89f4e034c979a2a258f8ba622d629aca35c535db455da81471a70

URLhaus

https://urlhaus.abuse.ch/url/3463207/

Delivery method

Distributed via web download

Dropping

MD5 9c4381f4a0f341fc958f8b1554a9549f

Dropping

SHA256 4bd47f2ad2d89f4e034c979a2a258f8ba622d629aca35c535db455da81471a70

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample