MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec46f105b049d6674acbf45639883623f2f1cb3eed50eedb4b0e25a27a7b67e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	ec46f105b049d6674acbf45639883623f2f1cb3eed50eedb4b0e25a27a7b67e2
SHA3-384 hash:	3f1d91f132b531e8a851c867cb3ec778e62ce29bae1d374c309bcd7533b65abe7ce5fc817fb96d75d3ce7a5aa100705c
SHA1 hash:	db0a369df0887febacb3800f4c6f0b81a1f68351
MD5 hash:	05f3e94487bf02c65f08cbed72943ce0
humanhash:	black-may-low-fish
File name:	huh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	3'684 bytes
First seen:	2024-12-30 06:47:30 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:2msXsbrK3s6+ssxs+s7s1s0sJsEs8NsZsVsTsF:23cq8T6/wuZCp82SOYF
TLSH	T167717DC52BEC12342CDA851FB768CED971DA909394D31E2495AC78F8C16EF4E7482E93
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

123

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Alert

Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Malicious

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6772474b75fb913a14793b39linux22vpnfull_triage

Tags:

downloader agent overt

Hybrid Analysis Linux.Medusa.C.Generic

Verdict:

Malicious

Labled as:

Linux.Medusa.C.Generic

Link:

https://www.hybrid-analysis.com/sample/ec46f105b049d6674acbf45639883623f2f1cb3eed50eedb4b0e25a27a7b67e2

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Nucleon Malprob Malware

Score:

87%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/ec46f105b049d6674acbf45639883623f2f1cb3eed50eedb4b0e25a27a7b67e2

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ec46f105b049d6674acbf45639883623f2f1cb3eed50eedb4b0e25a27a7b67e2/

ReversingLabs TitaniumCloud Win32.Trojan.Mirai

Threat name:

Win32.Trojan.Mirai

Alert

Create hunting rule

Status:

Malicious

First seen:

2024-12-30 03:04:08 UTC

File Type:

Text (Shell)

AV detection:

15 of 23 (65.22%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5rdpcbnqjhlgoswl6rldtcbwepzpdsz65vio5w2lbys2e6t3m7ra._file

Hatching Triage mirai

Result

Malware family:

mirai

Alert

Create hunting rule

Score:

  10/10

Tags:

family:echobot family:mirai antivm botnet defense_evasion discovery linux trojan

Link:

https://tria.ge/reports/241230-hzcqps1mfj/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Enumerates active TCP sockets

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (253624) amount of remote hosts

Creates a large amount of network flows

Detected Echobot

Echobot

Echobot family

Mirai

Mirai family

VMRay Mirai

Malware family:

Mirai

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/ec46f105b049/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ec46f105b049d6674acbf45639883623f2f1cb3eed50eedb4b0e25a27a7b67e2