MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e96fd33c4335b3f8cff92208f29f383f04c39fa3f212782c3625c7e2dcba78ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	e96fd33c4335b3f8cff92208f29f383f04c39fa3f212782c3625c7e2dcba78ba
SHA3-384 hash:	071d97c47e418a8ca98619e1f13d3ae519701c7be253808b5696758f07346e8034a071140eb31f6c77dc9f276abf9ef6
SHA1 hash:	e4c12dcc94ecd739b521ac677ef9679d8c065225
MD5 hash:	b53899e5e5a026b2a57a9383eef81831
humanhash:	glucose-lamp-freddie-montana
File name:	wget.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	910 bytes
First seen:	2024-11-18 21:30:52 UTC
Last seen:	2024-11-22 08:22:15 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:XiV+lxCWE+9NI9kxwA+OySKxWH+cyF+9PC+7oeV+p6+DxRI4qKA+sJe+yx7+cA+v:y0DNIqfKxCo1xqHwxv
TLSH	T1D6116ACD5036948DC02DCDC7726D090C9745CBD0B5ACDF35A8959AB7689BA00FA5CF0B
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

File Origin

# of uploads :

2

# of downloads :

94

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30762.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL

Sanesecurity.Malware.30755.LX.BOT.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=673bb3975107a56eacc7aea6linux22vpnfull_triage

Tags:

mirai ddos

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/673bb21ee5748936cfcaf9c7/reports/ce877fb9-d8e6-4a1c-9e87-ff35ba0ae2ab/overview

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/e96fd33c4335b3f8cff92208f29f383f04c39fa3f212782c3625c7e2dcba78ba

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e96fd33c4335b3f8cff92208f29f383f04c39fa3f212782c3625c7e2dcba78ba/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2024-11-18 21:32:04 UTC

File Type:

Text (Shell)

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5fx5gpcdgwz7rt7zeiepfhzyh4cmhh5d6ijhqlbwexd6fxf2pc5a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241118-1c14wswelj/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e96fd33c4335b3f8cff92208f29f383f04c39fa3f212782c3625c7e2dcba78ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh e96fd33c4335b3f8cff92208f29f383f04c39fa3f212782c3625c7e2dcba78ba

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3295331/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3295353/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample