MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e077e410d1758f5eb656025e19d75a63515046a3e93d84edfaffb367b5578228. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: e077e410d1758f5eb656025e19d75a63515046a3e93d84edfaffb367b5578228
SHA3-384 hash: b702f2eee2513b82117bd34a91992532f6a39efd694843014fd1af1cc5691cff5dffd8848e8507d16a048866324cd87e
SHA1 hash: 9b4f0e25645cdcdbf8c77f8ec43976bb17dee67f
MD5 hash: c1a67b32dbf48783462036929ac6492b
humanhash: black-football-happy-network
File name: x.sh
Signature: Mirai
File size: 5'268 bytes
First seen: 2025-01-12 18:31:11 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:s4tVA8ttSVKegVjEHs/FyVF+LiiibcF+QiiibMTgVkttNwK3gV2E+s/qyqF++iie:8JgesdgergYsCRTg4ssC
TLSH: T164B1068074735C6A6EE1A88FB17AC80977E5388E1CE55FC174ED76BA908DD487A42323
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 126
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 94.9%
Tags: downloader phishing backdoor overt

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug busybox evasive

Result
Verdict: UNKNOWN

Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-01-12 18:32:08 UTC
File Type: Text (Shell)
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments