MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da537747017bc56413b28a7b80be0256369d4c5f0bebe70663fd8eca8a790dd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: da537747017bc56413b28a7b80be0256369d4c5f0bebe70663fd8eca8a790dd9
SHA3-384 hash: 34a6f55bc5df48bf9477c8d41340fc85f13d330851bf134fe000705c583214978a9d0ffab6da8b8ad32b22cde5ca8083
SHA1 hash: 2642d484701b3ddf49c7b2be6a9e5c2893b7290b
MD5 hash: afe152c351276af01d771373a781de04
humanhash: illinois-edward-river-yellow
File name: goahead.sh
Signature: Mirai
File size: 593 bytes
First seen: 2024-12-27 09:46:23 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 12:K6Sb06kkkpB66NIY6K+6Hr4KKxFjaHa9ae/:K6Sb06hsB66NIY1+6L4KKxFjaH8v/
TLSH T1A2F04F8AE3212106CB18DF472AA3A8CA8406B6F8D592CBCCF5C4CD395198B80F0F4E49
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: DE

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug lolbin remote

Result
Verdict: UNKNOWN
Threat name: Linux.Backdoor.Mirai
Status: Malicious
First seen: 2024-12-26 21:45:51 UTC
File Type: Text (Shell)
AV detection: 11 of 23 (47.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
