MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 faec6092fe6041087e23edc4560474ed1361624873d6284bc49641f743870c87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	faec6092fe6041087e23edc4560474ed1361624873d6284bc49641f743870c87
SHA3-384 hash:	63dac7b21d18b34c736cd30f6b9e5c4c28ffb2d5f0c49a978a8d6f59f08167aef8acedd5722fc867b9c44c54b97d1a48
SHA1 hash:	edfe79e497c1a77b0ec7ff765a8519e39295a971
MD5 hash:	4a03a1ca0d39847bd39f54f158d3409a
humanhash:	diet-salami-north-papa
File name:	c.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'105 bytes
First seen:	2024-12-26 07:26:21 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:3J3gQ/QKQIPQMQhNIO8eQa7KYjowb9sR0ITi:eKjazJowb9sR0Wi
TLSH	T1E511ED88275A6487654809096D7DCC5D6D94F4A1E020ABFDE70AF861DEAC202FAC8AB5
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://154.213.190.241/lmaoWTF/loligang.arm	5bc6d389c73199f180528757a9d70b3cb6d71d132efa94c19719eb6928caa369	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.arm5	a560655939c4ccdf5f4c29fa53548d9209784062b9ad203c9f0693ca48c6b964	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.arm6	fb762dc466481fcf19ee9698f1b627e9b221d8877a99e07f6856a813c2f6bcea	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.arm7	4f994fdc0a89d2277f7fe89448c036337ca33cfb66b9e2d5058e0e37f9d2bda6	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.sh4	00341737153d84428e9c418eba3afbe1b682f7f35cba431f2166ba403de9af3a	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.ppc	567485fc8b49fbadd83eddf0748b78c1aa55c061470c3dc4584898fb16005cbd	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.mips	71d3a997c01de5190eda846e095db2c2a49514502c0ff1a552794bf33d11d19b	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.mpsl	2e6870fb45436c54e458c56af1340d96ad8f61c3226b4de21e7cce3901577195	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.spc	5f18265ba96b1d55399624190fb7622892bae4704c85255dc00b8e09718d0c4e	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.x86	de9d9fd7681fc41b0d746e329ddeae164410684f58105696ae0f1515684c02f8	Mirai	elf mirai
http://154.213.190.241/lmaoWTF/loligang.m68k	c8bac3a2e507a45cedb6c8c445784e73f2eafbf6a493c993c075ff300aa4a644	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=676d05488a4d48ee35ff8f99linux22vpnfull_triage

Tags:

malware

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/676d054703bf7f0bdb5baec1/reports/880bed33-971e-4a3c-a43e-147eecf0befc/overview

Result

Verdict:

MALICIOUS

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/faec6092fe6041087e23edc4560474ed1361624873d6284bc49641f743870c87

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/faec6092fe6041087e23edc4560474ed1361624873d6284bc49641f743870c87/

Threat name:

Win32.Trojan.Alevaul

Status:

Malicious

First seen:

2024-12-26 05:15:16 UTC

File Type:

Text

AV detection:

10 of 23 (43.48%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7lwgbex6mbaqq7rd5xcfmbdu5ujwcysioplcqs6esza7oq4hbsdq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241226-h931msznek/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/faec6092fe6041087e23edc4560474ed1361624873d6284bc49641f743870c87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh faec6092fe6041087e23edc4560474ed1361624873d6284bc49641f743870c87

(this sample)

Mirai

elf 5bc6d389c73199f180528757a9d70b3cb6d71d132efa94c19719eb6928caa369

URLhaus

https://urlhaus.abuse.ch/url/3376829/

Delivery method

Distributed via web download

Dropping

MD5 9b4ef231f25ed1f03a7dcddb4c9c24af

Dropping

SHA256 5bc6d389c73199f180528757a9d70b3cb6d71d132efa94c19719eb6928caa369

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample