MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecf85c1589cbfd0308a74e6c7c04577641e9a34e20cfb9aff90d49d9197a44da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ecf85c1589cbfd0308a74e6c7c04577641e9a34e20cfb9aff90d49d9197a44da
SHA3-384 hash: b4890eebe6d95c4f693e256cde88939d955d4e81f2dcd8f0a794e5bdcaa4bdfc8a31a6ba952e7a75496d5194025363ac
SHA1 hash: c57d3954e54c9d88c9557cf793b355e88dbb2fd9
MD5 hash: ad95ee309cf1b6b6986ebac05208c96a
humanhash: triple-steak-romeo-network
File name:r.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:3'482 bytes
First seen:2025-03-21 11:42:06 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 48:1b3AgXQWc/6WMxtqNGDF9MydECCDq3ngeXWb/JWroaqN7DiKMXSdCHMHi5z/8pBO:1LwBN2XLaNgRfGADFv
TLSH T13D7129E8BC512F36CB46DF0EA923C04CA063D4D98AD11A5114EC12FAC5FCD993921FAB
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://85.192.48.131/nimips5b339544ba55c78bff25dbd5e737cd854d6c61d5ed3b1866d6d5fe110a8a9d7e Miraielf mirai ua-wget
http://85.192.48.131/mpsla15bf9dd4d0aad9778ab4380feb71ca2cf314765a78f8dbb5275f1343a9f5b8e Miraielf mirai ua-wget
http://85.192.48.131/arm33ffeb7f9d5e17ad498d9ca9843e31844d7421e04917b3a9a1475c53c177c05b Miraielf mirai ua-wget
http://85.192.48.131/arm5c2d51bc86e52742a4d5bfc9541667690c516aaf1d7a4f971f4eee77d79c89076 Miraielf mirai ua-wget
http://85.192.48.131/arm63a23ff501ce58ec816fa09f77f8b8e9b79934199688f6f8aaf2d8e32caad1435 Miraielf mirai ua-wget
http://85.192.48.131/arm7091b84349ab71754a9f74f93525a054a64b98f17799013df02f2dfb42ce918da Miraielf mirai ua-wget
http://85.192.48.131/ppc41d7eb8d26f4db1c4efaa16ee1c230d3f4760a4c5a4c334c037d4efb1c5fc6a3 Miraielf mirai ua-wget
http://85.192.48.131/sh43dc6298bbf1922c1d5c6d34f9a45fa0ce297c5438ec63fdfdcd562b1732ac6ac Miraielf mirai ua-wget
ftp://5.192.48.131:8021/nimipsn/an/an/a
ftp://5.192.48.131:8021/mpsln/an/an/a
ftp://5.192.48.131:8021/armn/an/an/a
ftp://5.192.48.131:8021/arm5n/an/an/a
ftp://5.192.48.131:8021/arm7n/an/an/a
ftp://5.192.48.131:8021/ppcn/an/an/a
ftp://5.192.48.131:8021/sh4n/an/an/a
ftp://5.192.48.131:8021/arm6n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67dd5ef59388e75d078f1946linux22vpnfull_triage
Tags:
mirai agent virus hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive expand lolbin remote
Link:
https://www.filescan.io/uploads/67dd5097605ea86de781de0e/reports/4f9a7dc3-5003-4784-a814-62758bb522cb/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/ecf85c1589cbfd0308a74e6c7c04577641e9a34e20cfb9aff90d49d9197a44da
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ecf85c1589cbfd0308a74e6c7c04577641e9a34e20cfb9aff90d49d9197a44da/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2025-03-21 11:43:10 UTC
File Type:
Text (Shell)
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5t4fyfmjzp6qgcfhjzwhybcxoza6ti2oedh3tl7zbve5sgl2itna._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250321-nt3mtsxtev/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ecf85c1589cbfd0308a74e6c7c04577641e9a34e20cfb9aff90d49d9197a44da

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ecf85c1589cbfd0308a74e6c7c04577641e9a34e20cfb9aff90d49d9197a44da

(this sample)

Mirai

elf 5b339544ba55c78bff25dbd5e737cd854d6c61d5ed3b1866d6d5fe110a8a9d7e

  
URLhaus
https://urlhaus.abuse.ch/url/3484897/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3484899/
  
URLhaus
https://urlhaus.abuse.ch/url/3484900/
  
URLhaus
https://urlhaus.abuse.ch/url/3484904/
  
URLhaus
https://urlhaus.abuse.ch/url/3484902/
  
URLhaus
https://urlhaus.abuse.ch/url/3484901/
  
URLhaus
https://urlhaus.abuse.ch/url/3484908/
  
URLhaus
https://urlhaus.abuse.ch/url/3484907/
  
URLhaus
https://urlhaus.abuse.ch/url/3484909/
  
URLhaus
https://urlhaus.abuse.ch/url/3484910/
  
URLhaus
https://urlhaus.abuse.ch/url/3484911/
  
URLhaus
https://urlhaus.abuse.ch/url/3484913/
  
URLhaus
https://urlhaus.abuse.ch/url/3484916/
  
URLhaus
https://urlhaus.abuse.ch/url/3484912/
  
URLhaus
https://urlhaus.abuse.ch/url/3484914/
  
URLhaus
https://urlhaus.abuse.ch/url/3484915/
  
URLhaus
https://urlhaus.abuse.ch/url/3484917/
  
URLhaus
https://urlhaus.abuse.ch/url/3484918/
  
URLhaus
https://urlhaus.abuse.ch/url/3484919/
  
URLhaus
https://urlhaus.abuse.ch/url/3484922/
  
URLhaus
https://urlhaus.abuse.ch/url/3484920/
  
URLhaus
https://urlhaus.abuse.ch/url/3484921/
  
URLhaus
https://urlhaus.abuse.ch/url/3484924/
  
URLhaus
https://urlhaus.abuse.ch/url/3484928/
  
URLhaus
https://urlhaus.abuse.ch/url/3484929/
  
URLhaus
https://urlhaus.abuse.ch/url/3484931/
  
URLhaus
https://urlhaus.abuse.ch/url/3484932/
  
URLhaus
https://urlhaus.abuse.ch/url/3484933/
  
URLhaus
https://urlhaus.abuse.ch/url/3484938/
  
URLhaus
https://urlhaus.abuse.ch/url/3484936/
  
URLhaus
https://urlhaus.abuse.ch/url/3484939/
  
URLhaus
https://urlhaus.abuse.ch/url/3484937/
  
URLhaus
https://urlhaus.abuse.ch/url/3484942/
  
URLhaus
https://urlhaus.abuse.ch/url/3484941/
  
URLhaus
https://urlhaus.abuse.ch/url/3484944/
  
URLhaus
https://urlhaus.abuse.ch/url/3484946/
  
URLhaus
https://urlhaus.abuse.ch/url/3484945/
  
URLhaus
https://urlhaus.abuse.ch/url/3484948/
  
URLhaus
https://urlhaus.abuse.ch/url/3484949/
  
URLhaus
https://urlhaus.abuse.ch/url/3484950/
  
URLhaus
https://urlhaus.abuse.ch/url/3484952/
  
URLhaus
https://urlhaus.abuse.ch/url/3484953/
  
URLhaus
https://urlhaus.abuse.ch/url/3484956/
  
URLhaus
https://urlhaus.abuse.ch/url/3484955/
  
URLhaus
https://urlhaus.abuse.ch/url/3484960/
  
URLhaus
https://urlhaus.abuse.ch/url/3484961/
  
URLhaus
https://urlhaus.abuse.ch/url/3484962/
  
URLhaus
https://urlhaus.abuse.ch/url/3484968/
  
URLhaus
https://urlhaus.abuse.ch/url/3484969/
  
URLhaus
https://urlhaus.abuse.ch/url/3484970/
  
URLhaus
https://urlhaus.abuse.ch/url/3484974/
  
URLhaus
https://urlhaus.abuse.ch/url/3484976/
  
URLhaus
https://urlhaus.abuse.ch/url/3484977/
  
URLhaus
https://urlhaus.abuse.ch/url/3484980/
  
URLhaus
https://urlhaus.abuse.ch/url/3484984/
  
URLhaus
https://urlhaus.abuse.ch/url/3484983/
  
URLhaus
https://urlhaus.abuse.ch/url/3484988/
  
URLhaus
https://urlhaus.abuse.ch/url/3484986/
  
URLhaus
https://urlhaus.abuse.ch/url/3484987/
  
URLhaus
https://urlhaus.abuse.ch/url/3484991/
  
URLhaus
https://urlhaus.abuse.ch/url/3484989/
  
URLhaus
https://urlhaus.abuse.ch/url/3484990/
  
URLhaus
https://urlhaus.abuse.ch/url/3484992/
  
URLhaus
https://urlhaus.abuse.ch/url/3484995/
  
URLhaus
https://urlhaus.abuse.ch/url/3484996/
  
URLhaus
https://urlhaus.abuse.ch/url/3484997/
  
URLhaus
https://urlhaus.abuse.ch/url/3484999/
  
URLhaus
https://urlhaus.abuse.ch/url/3485000/
  
URLhaus
https://urlhaus.abuse.ch/url/3485001/
  
URLhaus
https://urlhaus.abuse.ch/url/3485002/
  
URLhaus
https://urlhaus.abuse.ch/url/3485004/
  
URLhaus
https://urlhaus.abuse.ch/url/3485006/
  
Dropping
MD5 833feb0df15c75d09fd2f10ffbd7b5e0
  
Dropping
SHA256 5b339544ba55c78bff25dbd5e737cd854d6c61d5ed3b1866d6d5fe110a8a9d7e

Comments