MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f02abb93f9753cceac7af2452a8640c969f1c25482f3e4433b01890ab5caced6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f02abb93f9753cceac7af2452a8640c969f1c25482f3e4433b01890ab5caced6
SHA3-384 hash: 84e0fbe1a19d1d810b57f54fdf4ea731ad2a3ee5d6f065405e4bcb655c6a6ed0d8d76fb635453fe1ddbb6145ba1376e5
SHA1 hash: 6d0449d4453c12251e95701af42161487bfb6c17
MD5 hash: 65b2e9828f4f559965fa3baaf79ebc6c
humanhash: mirror-fillet-table-thirteen
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:898 bytes
First seen:2025-02-02 07:11:38 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:NiV+lxCWE+9NI9kxwA+OySKxWH+cyF+9PC+7oeV+p6+DxRI4qKA+sJe+yx7+cA+v:girNIq9Kxak1xqv6xv
TLSH T1EE119A8D102491840D1FCDC3325D8A05734D8BD0F8BDAF39A98688F34A9A601B048F8B
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://185.224.0.242/bot.armef24c5f6ba56bb0761d69486389e900f2d7959f93758e4e854f9094f2fd64a6c Miraielf mirai
http://185.224.0.242/bot.arm57c4169afb95dbf9379c0230e1360f6ec398b6e05c62c1f650581b3af3de55a93 Mirai32-bit elf mirai
http://185.224.0.242/bot.arm60bff380e3afc00cae803e1539ed95192a5668d9bfdc528990fff0404eaa421f3 Miraielf mirai
http://185.224.0.242/bot.arm727f22cc044fbc4effd6a36b52833f099c0f387ce84f9f784e95b4d5e4bd2e259 Mirai32-bit elf mirai
http://185.224.0.242/bot.m68k9d95dea116305758f492500920e1a7347e355319bc0b7eeedd1ae941dc28e559 Miraielf mirai
http://185.224.0.242/bot.mipsc27fcbc9c81b90d4eda69cf14370aa082d6bec5deeb067efa13413aa186d2d21 Miraielf mirai
http://185.224.0.242/bot.mpsl94e99db7f85183422eeca5d053f275c04d70a27ce1022a6574477f11a65d440b Miraielf mirai
http://185.224.0.242/bot.ppc0b9fbd958f934c6e37bdac3d05edbffcd7b66539846b5cc5cd7967586ee301cb Miraielf mirai
http://185.224.0.242/bot.sh42105dea0c1426ff27495bc26ff4b0a07d7c6b5459fd0e6c330d9d3db5ccb5b62 Mirai32-bit elf mirai
http://185.224.0.242/bot.spc2105dea0c1426ff27495bc26ff4b0a07d7c6b5459fd0e6c330d9d3db5ccb5b62 Miraielf
http://185.224.0.242/bot.x86fa738a5a3abcc40bb979d0b71135f14b1041ff773f6c93f500ec07e4edaf8fdd Miraielf mirai
http://185.224.0.242/bot.x86_6433c2ed520416d7b003f9727d717b55be33ea9d83e33fa294b3775892998af2f4 Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30762.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.30755.LX.BOT.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=679f1acfa9881a7a01c51405linux22vpnfull_triage
Tags:
mirai ddos
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
bash lolbin remote
Link:
https://www.filescan.io/uploads/679f1ace32695d90016253f5/reports/83eccd2f-0aa3-435e-be9c-9e7a603dbba5/overview
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/f02abb93f9753cceac7af2452a8640c969f1c25482f3e4433b01890ab5caced6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f02abb93f9753cceac7af2452a8640c969f1c25482f3e4433b01890ab5caced6/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-02-02 06:44:09 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6avlxe7zou6m5ld26jcsvbsazfu7dqsuqlz6iqz3ageqvnokz3la._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250202-h1jwea1mas/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f02abb93f9753cceac7af2452a8640c969f1c25482f3e4433b01890ab5caced6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f02abb93f9753cceac7af2452a8640c969f1c25482f3e4433b01890ab5caced6

(this sample)

Mirai

elf ef24c5f6ba56bb0761d69486389e900f2d7959f93758e4e854f9094f2fd64a6c

  
URLhaus
https://urlhaus.abuse.ch/url/3423934/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3423947/
  
Dropping
MD5 ac2f659cb5cb063e09e0eed62191a7d6
  
Dropping
SHA256 ef24c5f6ba56bb0761d69486389e900f2d7959f93758e4e854f9094f2fd64a6c

Comments