MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df415fe941b1e2ea56f4845363f49024496ab38c73cd0974d1aeaa0f0257741f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	df415fe941b1e2ea56f4845363f49024496ab38c73cd0974d1aeaa0f0257741f
SHA3-384 hash:	24fe5428ffa86b01306e3329563d8790a22d0007b6f90fe74832c340a6c5ed783f5419bbbb85c4160696180854602c06
SHA1 hash:	995140411f0674ced58464ff62b1a6a4880e31b1
MD5 hash:	d9d2b893f3d44071466dc9236593c741
humanhash:	spaghetti-green-three-two
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'081 bytes
First seen:	2025-01-13 20:27:31 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:GBj+p3Xw+nNIBSkA+soKSu+/xH0KA+PuQlaq+3l9E+J9oE+hF3lqj+LTxyMA+Z3j:GBmtNIIAKSFTVuqa3l9/9sqG/PVeu
TLSH	T110116C9D6190541D04ECCD0C32AD1A109E7FC2C9B8A18F19DDB5483754A96A9BF6CF0F
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://190.123.44.73/bins/main_arm	0b423d1b9e7a9e6719bf77dfa5363998d04f9edad2ee8e2de911c7ae995a391a	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_arm5	5d94992dac0b6d592f86b0d59af84c52168f05d7aa1713a0c4fd62820be71630	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_arm6	5b1cf87888710837c0007fd20877644abec191d7fed82763a15b959d591444d4	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_arm7	cf40305398ee234528ebd18bb54b13e1bb94f90a501636857e25ba114bb1c9c6	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_sh4	fd893a3ee002cd623137b4f65fda5624232eb22e53f5fec40601bc26e7eed29a	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_arc	n/a	n/a	n/a
http://190.123.44.73/bins/main_mips	261cbea15e9c316a7a13d6ee7c496feb4364d264355821dc03664c17f398bcd1	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_mpsl	2322a5098627d113e939e6ac7ddb5c80ed5e253a650c6b6e1737baa4617db415	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_sparc	n/a	n/a	n/a
http://190.123.44.73/bins/main_x86_64	6c22bec08f6ce62b43664b22028e033d496990b06a053c4aee5168b3af787c55	Mirai	elf mirai ua-wget
http://190.123.44.73/bins/main_i686	n/a	n/a	n/a
http://190.123.44.73/bins/main_i586	n/a	n/a	n/a
http://190.123.44.73/bins/main_x86	05466e5727f528209cff95c2e7e2b197aa0fe4e312fd3709c13a1605c8cc2555	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

126

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67857753aa9c8e7858de8c62linux22vpnfull_triage

Tags:

shellcode agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug bash lolbin remote

Link:

https://www.filescan.io/uploads/6785775597e2575bb4bf3765/reports/1bb31673-ff4a-4470-be71-b5693c7f7339/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/df415fe941b1e2ea56f4845363f49024496ab38c73cd0974d1aeaa0f0257741f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/df415fe941b1e2ea56f4845363f49024496ab38c73cd0974d1aeaa0f0257741f/

Threat name:

Document-HTML.Trojan.Heuristic

Status:

Malicious

First seen:

2025-01-13 20:28:04 UTC

File Type:

Text (Shell)

AV detection:

15 of 23 (65.22%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=35av72kbwhrouvxuqrjwh5eqerewvm4mopgqs5grv2va6asxoqpq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250113-y8zjtsyqer/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/df415fe941b1e2ea56f4845363f49024496ab38c73cd0974d1aeaa0f0257741f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh df415fe941b1e2ea56f4845363f49024496ab38c73cd0974d1aeaa0f0257741f

(this sample)

Mirai

elf 0b423d1b9e7a9e6719bf77dfa5363998d04f9edad2ee8e2de911c7ae995a391a

URLhaus

https://urlhaus.abuse.ch/url/3391704/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3391707/

Dropping

MD5 994af88b29ff2e3d59e6f45a01cd710b

Dropping

SHA256 0b423d1b9e7a9e6719bf77dfa5363998d04f9edad2ee8e2de911c7ae995a391a

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample