MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef19f09a1e214e9884c681010c83fbec80a6a4b1324018158e4d8f558e15bf47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef19f09a1e214e9884c681010c83fbec80a6a4b1324018158e4d8f558e15bf47
SHA3-384 hash: a2518e3bb5c68ac3f004053862ddc2d666fee07427ca08ca7b639de38dab67ad0db8e4cc5c4ea53648f44980a698876c
SHA1 hash: 05867808c49f4cb95580a73463cc49b36fe0cb4f
MD5 hash: 18c02f839ef63f2db54c5e21a1f6e7bc
humanhash: lake-harry-four-lion
File name:ipc
Download: download sample
Signature Mirai
Create hunting rule
File size:958 bytes
First seen:2025-01-10 09:51:30 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:sXCZG+1ZuZI4WupqLr9qZt0mql/qiBiFqhd1qoW8B9:20b54NpqLRqZWmql/qiBiFqhd1qoXB9
TLSH T1E11138EF42713E109091886E33661624F800C6CF0A4B1F94BEFD6A7EBB9C63C7024959
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.136.41.100/g18616497f4ed2138839edf3069eae4f1d38cf9d19c97ffa79e12ab5acaa4676f5 Miraielf mirai ua-wget
http://103.136.41.100/g21e2a4d110fdc4f98687c5e06d2b0d4003929f679ffa05e7d26b2365e92000c10 Miraielf mirai ua-wget
http://103.136.41.100/g3773f77b3dec9437e08cf0aff0871b179bef8d08506504a2a282a8353d1581973 Miraielf mirai ua-wget
http://103.136.41.100/g41ca51bb1da94ef8e16810e8b03f86694d3fba5cd46915cdba67f7ba82482234e Miraielf mirai ua-wget
http://103.136.41.100/g53a3df579db037959687c6e759bf139097f527f3143ffacc0000b7c6f6ce1e6ab Miraielf mirai ua-wget
http://103.136.41.100/g6205ac62c0762881b7458328370b2007ad947870de7ea9ae281302fbf4dbcf9f9 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6780ef36c029bd73f288f730linux22vpnfull_triage
Tags:
agent hype sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Link:
https://www.filescan.io/uploads/6780edc21b01484d158e1239/reports/b49cc754-97b0-44b9-bf00-5ab52d0382b1/overview
Result
Verdict:
MALICIOUS
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/ef19f09a1e214e9884c681010c83fbec80a6a4b1324018158e4d8f558e15bf47
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ef19f09a1e214e9884c681010c83fbec80a6a4b1324018158e4d8f558e15bf47/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-01-10 10:01:53 UTC
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=54m7bgq6efhjrbggqeaqza735saknjfrgjabqfmojwhvldqvx5dq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery execution linux persistence privilege_escalatio privilege_escalation
Link:
https://tria.ge/reports/250110-lxr96a1lbw/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Creates/modifies Cron job
Enumerates running processes
Modifies init.d
Modifies rc script
Modifies systemd
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.26
Link:
https://yomi.yoroi.company/submissions/ef19f09a1e214e9884c681010c83fbec80a6a4b1324018158e4d8f558e15bf47

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ef19f09a1e214e9884c681010c83fbec80a6a4b1324018158e4d8f558e15bf47

(this sample)

Mirai

elf a1aac7dc4dbc183abd33ccb0fd8f75b110155fcc4c219883d28e77ea9e97766d

  
URLhaus
https://urlhaus.abuse.ch/url/3393719/
  
Delivery method
Distributed via web download
  
Dropping
MD5 410069d7c73864048cbed3344d75c6bd
  
Dropping
SHA256 a1aac7dc4dbc183abd33ccb0fd8f75b110155fcc4c219883d28e77ea9e97766d

Comments