MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03d28e1ea53be7c0dca0bdfb24279824d49136d435ebe519cd4c4d6c8f13699a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

SHA256 hash: 03d28e1ea53be7c0dca0bdfb24279824d49136d435ebe519cd4c4d6c8f13699a
SHA3-384 hash: 411d94c1bcc8bf76864b1d7b2631283feaf045d82200fbda5f9db76b4022ac26ea4c95b6c75c422b77974b59fe95b9e9
SHA1 hash: ca94719aa048e4d6a0e87544411e72066c03f220
MD5 hash: 54135b7f9acfd5024c88ccc5429cf881
humanhash: wisconsin-maryland-maryland-south
File name: curl.sh
Signature: Mirai
File size: 979 bytes
First seen: 2025-06-30 17:11:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3+InIyIRGNINTInKLIpIwIG8I3hIaNI7I6f:/IREnvCnGj3qaWc6f
TLSH: T146110DED005E7446AB3D9E31F03D6849E48086E035A4D781F04ED4B6F1A9A2B4336B93
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 84
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Threat name: Document-HTML.Browser.Heuristic
Status: Malicious
First seen: 2025-06-30 17:12:15 UTC
File Type: Text (Shell)
AV detection: 4 of 36 (11.11%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh 03d28e1ea53be7c0dca0bdfb24279824d49136d435ebe519cd4c4d6c8f13699a (this sample)

Delivery method: Distributed via web download

Comments