MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5d84a2dcb949a8e45acf9c15f8f4d7c5ec7fc4751d44accbfb9e499025307c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: d5d84a2dcb949a8e45acf9c15f8f4d7c5ec7fc4751d44accbfb9e499025307c2
SHA3-384 hash: 0f7860f2e6c70cc049c2b09aedd1465c729bba0df709f5bf548fea7f73de904bcbd3d3a3fb34a307a332ed1261c9c310
SHA1 hash: 12855ca96cce8db15169ed519653d095c3948dbb
MD5 hash: 769df8bd205407cf16c6d5feef2abb5b
humanhash: carolina-december-carolina-violet
File name: gig.sh
Signature: Mirai
File size: 220 bytes
First seen: 2025-03-07 03:56:42 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:L2UiMwWcqR0TLTeUWRLQmGBzSEyLTUWaXw8Ui9WFKV2UiMwWcqR0TLTeUWRLQcBD:LFwPfWRqIyw7FgFwPfWRjL1wC
TLSH: T1E0D0C7C9049338408198EC863567C3BF6481C3C8111B0B8F9CCC1539F58C654F4A0BC5
Magika: shell
Reporter: abuse_ch
Tags: sh

URL: http://176.65.134.5/mips
Malware sample (SHA256 hash): ef931d8ba4966260112b7ed31a1e0b5cd4423becc0397e8eeaee345de903a1ab
Signature: Mirai
Tags: 403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget

URL: http://176.65.134.5/mpsl
Malware sample (SHA256 hash): 9cf41e60807702cd85a42ffcabb10f2798193200a381b47f3adbebe65f8360aa
Signature: Mirai
Tags: 403 dosbot Micheal mirai Mirai.TBOT skids Supplys ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: bash busybox lolbin
Result
Verdict: UNKNOWN
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-03-07 03:57:16 UTC
File Type: Text (Shell)
AV detection: 5 of 38 (13.16%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh d5d84a2dcb949a8e45acf9c15f8f4d7c5ec7fc4751d44accbfb9e499025307c2

(this sample)

  
Delivery method: Distributed via web download

Comments