MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d950b5354a32c76f5e35f3c1e8255b0a08db2f191656f2588c9436adf84506b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	d950b5354a32c76f5e35f3c1e8255b0a08db2f191656f2588c9436adf84506b4
SHA3-384 hash:	5c9722287ef4c27f467de933e5e3faf0861b8e1af5eda3a93de41381894c4cf30de459429962cdf258eae07ac5dd330d
SHA1 hash:	ba0f0537ddfd910d21f616401577e67553733b3c
MD5 hash:	9cb9d27fc1ed1236ea8109cfd2880d39
humanhash:	tango-sierra-avocado-mirror
File name:	cn
Download:	download sample
Signature	Mirai Create hunting rule
File size:	546 bytes
First seen:	2025-02-17 17:54:04 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	6:LwWgrzebTpwbYCDwWgrzLTKA1wyXICDwWgrze22MwZi/DwWgrzAwZJDwWgrzxNI8:fTK8IhAH3UNIbtv0YI
TLSH	T1C4F04FCC5823BA82491CFD9F72B7169EB652C7DC904F8BDDAE85007D889DA44F058B94
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.143.1.32/mips	6cb427e528d9d6e68e43e97ff0f81ddd5768458159561d0fafdb5dffd0b6f7b2	Mirai	32-bit elf gafgyt mirai
http://193.143.1.32/mpsl	86c056be36634614be66908d7f0972d73bb765bad533391385adf9656ac0151e	Mirai	elf gafgyt mirai ua-wget
http://193.143.1.32/arm	06cd477d71445530f3bb6ec717e553569719b20cdaac7243640a275f051af2d8	Mirai	32-bit elf mirai
http://193.143.1.32/arm5	55bb1f8005d2fa8d651b660d4244c862511ad4a087fc11e9f431bd46133a9557	Mirai	elf mirai ua-wget
http://193.143.1.32/arm6	8e97f80775e8068982c685ca7f316fe380199675311ba3edc6c289acf32762ee	Mirai	elf mirai ua-wget
http://193.143.1.32/arm7	17bf13198278d1613f8fc3d44d0c2b307dedcb6b8d1b269c00f5d361ffa43ee9	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

52

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67b3829528ab76d43a5b85b1linux22vpnfull_triage

Tags:

trojan agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67b377c5de5f893502e09ca1/reports/cf2fb826-b021-427c-8c14-ca846138cbe3/overview

Verdict:

Malicious

Labled as:

Downloader/Shell.Generic

Link:

https://www.hybrid-analysis.com/sample/d950b5354a32c76f5e35f3c1e8255b0a08db2f191656f2588c9436adf84506b4

Result

Verdict:

UNKNOWN

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/d950b5354a32c76f5e35f3c1e8255b0a08db2f191656f2588c9436adf84506b4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d950b5354a32c76f5e35f3c1e8255b0a08db2f191656f2588c9436adf84506b4/

Threat name:

Linux.Trojan.Generic

Status:

Suspicious

First seen:

2025-02-17 18:37:11 UTC

File Type:

Text (Shell)

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3filknkkgldw6xrv6pa6qjk3bienwlyzczlpewemsq3k36cfa22a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250217-w9ke7a1pal/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d950b5354a32c76f5e35f3c1e8255b0a08db2f191656f2588c9436adf84506b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh d950b5354a32c76f5e35f3c1e8255b0a08db2f191656f2588c9436adf84506b4

(this sample)

elf 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

URLhaus

https://urlhaus.abuse.ch/url/3443257/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3443267/

Dropping

MD5 ebaf6768ac8705e48d2403468bf8df74

Dropping

SHA256 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample