MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0e839ee9f42b6649606e594ccceb9b3b4df3b5302301b4fa4641000de0685ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: f0e839ee9f42b6649606e594ccceb9b3b4df3b5302301b4fa4641000de0685ff
SHA3-384 hash: daf7deafaecd1bb8dfa4f1d58437765db841dbb2790ea34c5f3a3d1a61cc0e460857175212bd499c7773f7f36406edcb
SHA1 hash: bd0d85e1f744a2f421cde17e98d1ae083289934d
MD5 hash: 62da7a0ca52eb27e21567f7801ce0e46
humanhash: saturn-utah-ink-king
File name: t
Signature: Mirai
File size: 2'444 bytes
First seen: 2024-12-26 17:01:20 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:4k5CEA00LZoQk1mPlk1mXJX7k1m0Ok1m7xk1meck1mWEk1m6Yk1mBDk1m4S4gk11:tCEA00irEPuEZwE0lE7iEe/EWnE6zEBO
TLSH: T1F15166CF026848B65E40C9AD76D74E54648D8ADF1CCDCA4FA84F0D36B08CA5E7621F6A
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 97.4%
Tags: mirai agent virus hype
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug lolbin remote
Result
Verdict: MALICIOUS
Threat name: Script-Shell.Trojan.MiraiA
Status: Malicious
First seen: 2024-12-26 17:47:32 UTC
File Type: Text (Shell)
AV detection: 7 of 38 (18.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f0e839ee9f42b6649606e594ccceb9b3b4df3b5302301b4fa4641000de0685ff

(this sample)

  
Delivery method: Distributed via web download
