MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1240dc4d849edfbf9346aef073a1f2868a6b078b09bfdb741855d577924caa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e1240dc4d849edfbf9346aef073a1f2868a6b078b09bfdb741855d577924caa5
SHA3-384 hash:	a90ce9d5602a0910a57304c0fc344f127ebea87d472abcd7f0011a88afcefb54b79516e5a7a50bafc4b1c0cc83fdbd2a
SHA1 hash:	568943bb98d4b8a3aabffd071930da5712e09807
MD5 hash:	e6ab63ce347df71380ee2137daf61083
humanhash:	minnesota-fanta-island-yankee
File name:	fc
Download:	download sample
File size:	982 bytes
First seen:	2025-02-21 19:16:39 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:2zKOYt3jWT6soe3TSsoe3TPe3TWve3T/e3k:2zZm3jWT6mTSmT0TWUTEk
TLSH	T13611E9532B4C74F5BBDE5D0AB2A78BD968D9D09F3C830601D87892E66C905140A34F70
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://91.188.254.201/arm7	17f914470010441ed25e072bce54a4dd4ed8f2d0a6fbc82c549228c6bf835145	Mirai	censys elf mirai opendir
http://91.188.254.201/mips	5b9d2b23c12dac512fc127a47c9e1d81aa92bfdb9edc2dbaa0d85c88141cf900	Gafgyt	elf gafgyt opendir
http://91.188.254.201/arm	2f66b28645b910c0fcb7a751e9a0dad86fd2be825d07f45dd6ab086ec2eeafc0	Mirai	32-bit elf mirai opendir

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67b9772e28ab76d43a5c5eaelinux22vpnfull_triage

Tags:

trojan mirai agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/67b8d13e5b81efb9a6978ba3/reports/38d913d2-f941-49c2-a866-bbe6df441aa6/overview

Verdict:

Suspicious

Labled as:

SH/Mirai.C.gen

Link:

https://www.hybrid-analysis.com/sample/e1240dc4d849edfbf9346aef073a1f2868a6b078b09bfdb741855d577924caa5

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/e1240dc4d849edfbf9346aef073a1f2868a6b078b09bfdb741855d577924caa5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e1240dc4d849edfbf9346aef073a1f2868a6b078b09bfdb741855d577924caa5/

Threat name:

Linux.Trojan.Generic

Status:

Suspicious

First seen:

2025-02-22 04:12:50 UTC

File Type:

Text (Shell)

AV detection:

5 of 24 (20.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4esa3rgyjhw7x6junlxqooq7fbuknmdywcn73n2bqvovo6jezksq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e1240dc4d849edfbf9346aef073a1f2868a6b078b09bfdb741855d577924caa5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh e1240dc4d849edfbf9346aef073a1f2868a6b078b09bfdb741855d577924caa5

(this sample)

Mirai

elf d2ea0eed1f82458ed76a956ca3fd1f72d1c1e29b40a6118d1e5f1e6d78418077

URLhaus

https://urlhaus.abuse.ch/url/3445404/

Delivery method

Distributed via web download

Dropping

MD5 7b439f437784a01424eaabdc749bebaf

Dropping

SHA256 d2ea0eed1f82458ed76a956ca3fd1f72d1c1e29b40a6118d1e5f1e6d78418077

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample