MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfe1cf57919c37322958c9c27e3f13e8227d20e62d7f74e8f49f5d54bb3c2685. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	dfe1cf57919c37322958c9c27e3f13e8227d20e62d7f74e8f49f5d54bb3c2685
SHA3-384 hash:	f6bdaf7590ab18953a467b42dfb8e5b800aebf82f6b4a6a4898a3639952060ae828af3cd957f810b495351a6c2e16e81
SHA1 hash:	7deed337a2063d0d7913fdccb7a1270a4a630974
MD5 hash:	078e92acde48afde49d02ad4cba98f9a
humanhash:	pennsylvania-saturn-grey-fish
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'580 bytes
First seen:	2025-02-10 16:41:30 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:jovLJEB7vdbJhMcvRJmLv5JXN60ibf46I+96jN/BbcMmfJ6o4Y9:jovLJEB7vdbJacvRJmLv5JXN60ibf5IO
TLSH	T13E3130C004D52F7ECCC496267766503E902868C9AF371ED8D6CB58D4AA45B93F830D8C
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://94.156.167.35/jklarm	n/a	n/a	n/a
http://94.156.167.35/jklarm5	n/a	n/a	n/a
http://94.156.167.35/jklarm6	n/a	n/a	n/a
http://94.156.167.35/jklarm7	n/a	n/a	n/a
http://94.156.167.35/jklm68k	n/a	n/a	n/a
http://94.156.167.35/jklmips	n/a	n/a	n/a
http://94.156.167.35/jklmpsl	n/a	n/a	n/a
http://94.156.167.35/jklppc	n/a	n/a	n/a
http://94.156.167.35/jklsh4	n/a	n/a	n/a
http://94.156.167.35/jklspc	n/a	n/a	n/a
http://94.156.167.35/jklx86	n/a	n/a	n/a
http://94.156.167.35/jklarc	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67aa2ca4f667f46cd182dc20linux22vpnfull_triage

Tags:

hype sage

Result

Verdict:

UNKNOWN

Score:

79%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/dfe1cf57919c37322958c9c27e3f13e8227d20e62d7f74e8f49f5d54bb3c2685

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dfe1cf57919c37322958c9c27e3f13e8227d20e62d7f74e8f49f5d54bb3c2685/

Threat name:

Win32.Trojan.Vigorf

Status:

Malicious

First seen:

2025-02-10 16:42:23 UTC

File Type:

Text (Shell)

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=37q46v4rtq3tekkyzhbh4pyt5arh2ihgfv7xj2hut5ovjoz4e2cq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

defense_evasion linux

Link:

https://tria.ge/reports/250210-t7r15sxnfl/

Behaviour

File and Directory Permissions Modification

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.29

Link:

https://yomi.yoroi.company/submissions/dfe1cf57919c37322958c9c27e3f13e8227d20e62d7f74e8f49f5d54bb3c2685

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh dfe1cf57919c37322958c9c27e3f13e8227d20e62d7f74e8f49f5d54bb3c2685

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3434982/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample