MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eaa830e7872e360b7cdc17b1788967d92625d7f8d60e457a54a69f312f94223b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	eaa830e7872e360b7cdc17b1788967d92625d7f8d60e457a54a69f312f94223b
SHA3-384 hash:	976d4dacd1bf22f873897cfe9eccf81ac1d40828a730ff033e0076b5d98b360f8149e2a7e94390eb76232bf65d271716
SHA1 hash:	6c7dad8e505f0653d01f0fad728bdda44e300b1c
MD5 hash:	677bbad11dde212d758dbe31d647e853
humanhash:	alabama-floor-snake-zebra
File name:	w.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	804 bytes
First seen:	2025-02-24 21:11:25 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:obaXbCNI7pbaKQbOGbCvb8Ub1MbItXb2ub3:tXga+o
TLSH	T1E0014CCD389157B20C4A9E4360A68CD8A008EEC12244AFDDE98C4DFA5DC8D19F759ABC
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://160.191.245.128/arm	e4e9888ee3da1cf1881054380aa3f3e5e870791cef748434a6ee960042b2263e	Mirai	censys elf mirai moobot
http://160.191.245.128/arm5	6fff4613e86ec31a62ac216f4d8165540bf848d12c1c56210943d34d24ba2e98	Mirai	censys elf mirai moobot
http://160.191.245.128/arm6	bfd77e47ec2a24abef601efe5aabc33c1ce7bb09b2a6c49bc1cc74b2ac487f70	Mirai	censys elf mirai moobot
http://160.191.245.128/arm7	877e42a47d8eb971c4e4d1a5e336048ed4fc6bc5d448b6c163a34e080a6fc071	Mirai	censys elf mirai moobot
http://160.191.245.128/m68k	fba19afd35d37cac554b2594a4ccc73a485ec495d6843889a81169ec3b49fee1	Mirai	censys elf mirai moobot
http://160.191.245.128/mips	859bf0ab1e056057e423b613b1bdf557f4c5f55cfd39c770385e3aa978b0b9ca	Mirai	censys elf mirai moobot
http://160.191.245.128/mpsl	fb3887f0459af8f20a6368853887281b00e507859955105b0acbb16caa7937f5	Mirai	censys elf mirai moobot
http://160.191.245.128/ppc	4c69ccc4c590186eb6045441e1a97ecfa3ef83956e8acde302e8fbc29603cee9	Mirai	censys elf mirai moobot
http://160.191.245.128/sh4	172ac7badb194e01c2c7a62ca934363389031a8e0523c36d6567af9be3b15a8b	Mirai	censys elf mirai moobot
http://160.191.245.128/x86	7ffbd075d9180401fb5f1d453af42e45135a8d08e07604c71af4d3f1fcebcf2b	Mirai	censys elf mirai moobot
http://160.191.245.128/x86_64	1ebe6d1924ccb4b64931026e44a0425d00ca12a237ac1c3d93e5b7c0937e13c5	Mirai	censys elf mirai moobot

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67bce0ae28ab76d43a5cebdelinux22vpnfull_triage

Tags:

mirai ddos

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

lolbin remote

Link:

https://www.filescan.io/uploads/67bce0a76222db7f23da5f9a/reports/f970f4bb-847c-4267-9fd6-692c48014a4f/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/eaa830e7872e360b7cdc17b1788967d92625d7f8d60e457a54a69f312f94223b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/eaa830e7872e360b7cdc17b1788967d92625d7f8d60e457a54a69f312f94223b/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2025-02-24 21:12:14 UTC

File Type:

Text (Shell)

AV detection:

13 of 38 (34.21%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5kudbz4hfy3aw7g4c6yxrclh3etclv7y2yhek6suu2ptcl4uei5q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250224-z17e5swnv2/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/eaa830e7872e360b7cdc17b1788967d92625d7f8d60e457a54a69f312f94223b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh eaa830e7872e360b7cdc17b1788967d92625d7f8d60e457a54a69f312f94223b

(this sample)

Mirai

elf e4e9888ee3da1cf1881054380aa3f3e5e870791cef748434a6ee960042b2263e

URLhaus

https://urlhaus.abuse.ch/url/3433729/

Delivery method

Distributed via web download

Dropping

MD5 ca8da90063f085a20739e8d25f6a4962

Dropping

SHA256 e4e9888ee3da1cf1881054380aa3f3e5e870791cef748434a6ee960042b2263e

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample