MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db70c1322d1da3f0fc2bc0f5c26b80977e4144a7dd79f24b95fb23740e345962. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: db70c1322d1da3f0fc2bc0f5c26b80977e4144a7dd79f24b95fb23740e345962
SHA3-384 hash: c86f03f62eb47d11b1294ceda91bb54b7a90c176d1a86aabe464bb31a558a787ffaec95fccd0f0dbbac7035a2fcf6328
SHA1 hash: e183c46897a53521c4079b81cd7ade5ac9398f26
MD5 hash: e961c29f47ebdd118ef86e50160100b7
humanhash: eight-helium-september-east
File name: lol
Signature: Mirai
File size: 870 bytes
First seen: 2024-12-22 14:20:48 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:ESnJiAFK/XS0aN8mRXSmiMQAjS0USrqOK5XS9NIl5HLGjSO0LKT4KWSy+tqZ8SIG:EeJU2N8gXsujgUqO+QNI7+QKC/+tDDG
TLSH: T1E01173CFB1211A06050EEE4DB2A7D66A7055C6CA1A870BD77E9C043DC5EC9287126B68
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: medusa mirai virus shell

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug expand lolbin remote

Result
Verdict: MALICIOUS
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2024-12-22 15:11:09 UTC
File Type: Text (Shell)
AV detection: 14 of 23 (60.87%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh db70c1322d1da3f0fc2bc0f5c26b80977e4144a7dd79f24b95fb23740e345962

(this sample)

Comments