MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4ed03fc15dd027b3786833eb16cd5da1ec728beceaaa7711eef326f5d96694d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	f4ed03fc15dd027b3786833eb16cd5da1ec728beceaaa7711eef326f5d96694d
SHA3-384 hash:	e9ca638fed34c46f0eeaf6d6aaf311deb7380b4efc5ac262b2b022f23563005aeaa56a256450ebd21ffac5a22f04079f
SHA1 hash:	0ddb1fc23223185553564af6ee6caafd88660827
MD5 hash:	ff31ffe7edff1e5019fca42c14a37159
humanhash:	grey-thirteen-yellow-fifteen
File name:	wmlsw.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'128 bytes
First seen:	2025-01-29 14:06:27 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:3p6SbVp6hs/Up66NIY1vp6L4KKapgvp2pjDpIpspH8vg:3ppp4pJpNIpgvp2pjDpIpspH8vg
TLSH	T19F2166DDEBD19209C2408E9351D353FA810A99E068165FDCBBCCD836829CD64FAD370C
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.arm	8cb705b992dca95956a0c9d370c7fecf9c76c194cc56a51b8501e42801abb4cd	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.arm5	0c593a80ea15c32d16a7cad5de336118aac3f4d72d58f45865c905c39c2a907c	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.arm6	61e8e27b69e9cdea27309b92bc77129d989d53821287a1bdd5dad9e23ceeb740	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.arm7	7af5da49025c9573f868bf6e244332d4684b3a8b19f16d6017dd15487f4ec3a0	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.mk68k	7af5da49025c9573f868bf6e244332d4684b3a8b19f16d6017dd15487f4ec3a0	Mirai	elf
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.mips	52da7aa64126aa61b71478769cacaa1ba8deb57f47242b26b72f99ee72bd6da6	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.mpsl	60bb8fd01655dd0511f0691fc3b014dcf1c189690ebcdcd4b6308487bfb4a7e0	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.ppc	72a0bfd3a8d7f40d6178ab07e92ddf44fb0d9648c19793098d73cd25fac1134b	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.sh4	110a255533511c63d10559e3236d70bea214fcba4889a3a5afc97e04a3c7b527	Mirai	elf mirai
http://209.38.31.174/dhwuiadhjsakfbhdsjfgdsdwahw/telnet.x86	fdee9e9f4fdf844ecd4d60688701723c56b7c41392ef9f89d1f552d693334604	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

107

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=679a388839cd5095f12b5039linux22vpnfull_triage

Tags:

downloader ransomware shellcode

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

lolbin remote

Link:

https://www.filescan.io/uploads/679a360a1dd12f0a59d46433/reports/3ffe459b-a3d5-4e93-afba-c35d94e267a5/overview

Result

Verdict:

MALICIOUS

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/f4ed03fc15dd027b3786833eb16cd5da1ec728beceaaa7711eef326f5d96694d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f4ed03fc15dd027b3786833eb16cd5da1ec728beceaaa7711eef326f5d96694d/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-01-29 14:07:04 UTC

File Type:

Text (Shell)

AV detection:

16 of 38 (42.11%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6twqh7av3ubhwn4gqm7lc3gv3ipmokf6z2vko4i654zg6xmwnfgq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250129-rey8mszpfz/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f4ed03fc15dd027b3786833eb16cd5da1ec728beceaaa7711eef326f5d96694d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh f4ed03fc15dd027b3786833eb16cd5da1ec728beceaaa7711eef326f5d96694d

(this sample)

Mirai

elf 8cb705b992dca95956a0c9d370c7fecf9c76c194cc56a51b8501e42801abb4cd

URLhaus

https://urlhaus.abuse.ch/url/3418592/

Delivery method

Distributed via web download

Dropping

MD5 94031679886442f66e62d183e878eb4a

Dropping

SHA256 8cb705b992dca95956a0c9d370c7fecf9c76c194cc56a51b8501e42801abb4cd

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample