MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dae05bc736a75b557c391f61e4ce653a0a788ee5d7bc7c2670e0d43009498830. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	dae05bc736a75b557c391f61e4ce653a0a788ee5d7bc7c2670e0d43009498830
SHA3-384 hash:	46145b7967b874d528f2fca08851348b6bf98a9e39d2c1b1838d9ac0791bea995e97cde0b2474604bbf113b6d92a055b
SHA1 hash:	8615354cdc188499cf45a4813346e555839c93de
MD5 hash:	a3e69cfe72543effb994bd1b6803e8d2
humanhash:	echo-foxtrot-cola-mirror
File name:	t
Download:	download sample
Signature	Mirai Create hunting rule
File size:	2'444 bytes
First seen:	2024-12-24 13:36:26 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	48:4k5CEA00Z3k1Uk1iD7k1mk1Mk1Wk18k1Yk1Uk1xlgk18k1ioak1kk1bj:tCEA0fFJbVr9Jdl99lZ
TLSH	T1625136EF615844D0A940C9DC37D3C818F68E88C814C9CB6E244F1631E9FC91EBC26FA9
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://87.120.113.47/tt/mips	d43fbf7577e3c3cddd61bf545d63fa164f9337fc239b4c6f3c11010158febb4d	Mirai	elf mirai ua-wget
http://87.120.113.47/tt/mipsel	97a24b4b731f4e99adc64b52b2c8f282c0d81837d24f151417d10119fd5f5de0	Mirai	elf mirai ua-wget
http://87.120.113.47/tt/armv4l	a463278c09b693e045ec03b0def9ffd560f56993eb40cbbd513942d704680778	Gafgyt	gafgyt
http://87.120.113.47/tt/armv5l	f40c05923568661de9bd1caf7de1cf4e0a16e69972bf871a5e07227cf2b330eb	Mirai	elf mirai ua-wget
http://87.120.113.47/tt/armv6l	7ece6b3ea0def41175f59467cc817611f815b1d9997a496435dca089243e2c0e	Gafgyt	elf gafgyt ua-wget
http://87.120.113.47/tt/armv7l	0b28b1a6fadf0429784f76bdcf763b09960e84ea5793ec9cd783b37bd7897181	Gafgyt	elf gafgyt ua-wget
http://87.120.113.47/tt/sh4	2c0a317af8c8ad9255f20d6d7bda5effd8012886dd64f62484e33ca25995de8f	Gafgyt	elf gafgyt ua-wget
http://87.120.113.47/tt/sparc	c7d4204efff17cf1a07c62af9aa1d24ab87cf006437bde9128bc909cd1fbb81e	Mirai	elf mirai ua-wget
http://87.120.113.47/tt/riscv32	b6e0036281a36ce295405c8edf3e65e24b11adcd4a7a5d77b43f9c14a624162d	Mirai	elf mirai ua-wget
http://87.120.113.47/tt/powerpc	ac2921f97af63ea1e2ef94d53ec118b9b8f82964c9eac536f96eabe90a18f64f	Mirai	elf mirai ua-wget
http://87.120.113.47/tt/armv4eb	7a5e56517ce37bdb71b2b75cf9e2210e8c76f7f3494f797f5179ec183cc0a6a5	Gafgyt	gafgyt
http://87.120.113.47/tt/arc	90b4e907a8ed7c4ca292aa54504d5277ac5c079b009966290a0a0d754030e0c9	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=676ade808a4d48ee35ff0cd6linux22vpnfull_triage

Tags:

agent hype sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug lolbin remote

Link:

https://www.filescan.io/uploads/676ab9088134167603978fdf/reports/b9018d21-1c08-43ab-8c12-2358b5e3b26c/overview

Verdict:

Malicious

Labled as:

Bash.MiraiA.Generic

Link:

https://www.hybrid-analysis.com/sample/dae05bc736a75b557c391f61e4ce653a0a788ee5d7bc7c2670e0d43009498830

Result

Verdict:

MALICIOUS

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/dae05bc736a75b557c391f61e4ce653a0a788ee5d7bc7c2670e0d43009498830

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dae05bc736a75b557c391f61e4ce653a0a788ee5d7bc7c2670e0d43009498830/

Threat name:

Script-Shell.Trojan.MiraiA

Status:

Malicious

First seen:

2024-12-24 14:02:41 UTC

File Type:

Text (Shell)

AV detection:

7 of 38 (18.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3lqfxrzwu5nvk7bzd5q6jttfhifhrdxf266hyjtq4dkdackjraya._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241224-trcara1nhw/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/dae05bc736a75b557c391f61e4ce653a0a788ee5d7bc7c2670e0d43009498830

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh dae05bc736a75b557c391f61e4ce653a0a788ee5d7bc7c2670e0d43009498830

(this sample)

Mirai

elf d43fbf7577e3c3cddd61bf545d63fa164f9337fc239b4c6f3c11010158febb4d

URLhaus

https://urlhaus.abuse.ch/url/3375083/

Delivery method

Distributed via web download

Dropping

MD5 6eae27ecf1e2d9153b6f1552ab3fc8a3

Dropping

SHA256 d43fbf7577e3c3cddd61bf545d63fa164f9337fc239b4c6f3c11010158febb4d

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample