MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efaeb6776bc2ba6161a32e3a387c6876ad8c7dd8ab74cd117af2b9b9ea0e8bd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	efaeb6776bc2ba6161a32e3a387c6876ad8c7dd8ab74cd117af2b9b9ea0e8bd0
SHA3-384 hash:	4df5c9242e9820709afb56085878c4705bf05cf92aa443e585524576f8c0ef4f1080c2fdda2fb01b832d561c13f691c5
SHA1 hash:	36072445e0e5d5e321590e0e91ede1abc1d987cd
MD5 hash:	8807aeb90c4c3cb0a0d353ea635c6697
humanhash:	west-mirror-may-earth
File name:	f
Download:	download sample
Signature	Mirai Create hunting rule
File size:	150 bytes
First seen:	2025-01-05 08:51:53 UTC
Last seen:	2025-01-11 03:41:30 UTC
File type:	sh
MIME type:	text/plain
ssdeep	3:cSXeMEd9EKIMV7GBzSEyLTUWMnry8HDjeMEd9EKIVaBzSE8eUxKnr7Vv:jXFE8KIUCIkdHXFE8KIVavnVv
TLSH	T101C08CEF242020808048EC8C64EFC32E648AC3C62F810B8F7A9C2822C8CA800F028E84
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://103.188.82.218/mips	3609f8f3d45d41da70c11fc558eb7e37b6cae17d88c0179a4473d9991dad23cc	Mirai	ddos elf HailBot mirai
http://103.188.82.218/mpsl	647723492da9410480ea3337ea11c5e39d360305dea6a09eb661cce35b9a8b7e	Gafgyt	ddos elf gafgyt HailBot mirai

Intelligence

File Origin

# of uploads :

2

# of downloads :

88

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.SH.Mirai.C.gen.Camelot.16531.31685.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=677a90c0c029bd73f282f00blinux22vpnfull_triage

Tags:

mirai

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug lolbin remote

Link:

https://www.filescan.io/uploads/677a4835b489e5d0aebd001d/reports/bcd57059-5e11-4509-acdf-5c342671eabc/overview

Verdict:

Suspicious

Labled as:

SH/Mirai.C.gen

Link:

https://www.hybrid-analysis.com/sample/efaeb6776bc2ba6161a32e3a387c6876ad8c7dd8ab74cd117af2b9b9ea0e8bd0

Result

Verdict:

MALICIOUS

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/efaeb6776bc2ba6161a32e3a387c6876ad8c7dd8ab74cd117af2b9b9ea0e8bd0

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/efaeb6776bc2ba6161a32e3a387c6876ad8c7dd8ab74cd117af2b9b9ea0e8bd0/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=56xlm53lyk5gcyndfy5dq7dio2wyy7oyvn2m2el26k43t2qorpia._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250105-q8849syjgp/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/efaeb6776bc2ba6161a32e3a387c6876ad8c7dd8ab74cd117af2b9b9ea0e8bd0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh efaeb6776bc2ba6161a32e3a387c6876ad8c7dd8ab74cd117af2b9b9ea0e8bd0

(this sample)

elf 0ef56902fe4ff6364b5f464dd189f8d0663220946d7c2e2f3f09c5fab45669cf

URLhaus

https://urlhaus.abuse.ch/url/3389891/

Delivery method

Distributed via web download

Dropping

MD5 0d6189f4e61001f513d4e09331cbac30

Dropping

SHA256 0ef56902fe4ff6364b5f464dd189f8d0663220946d7c2e2f3f09c5fab45669cf

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample