MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10c6e6dff4f2558c15cbea2938e75abaf3aae7c2ac09d2655d7cfc055b62e1dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	10c6e6dff4f2558c15cbea2938e75abaf3aae7c2ac09d2655d7cfc055b62e1dc
SHA3-384 hash:	c3815563ade6556a8590558de10977b514b09684827f4006a31a758199b97f7e68ac84be22b621925f55e15d9adf48ad
SHA1 hash:	f0f43eae29f60afd506c0d18873f3e8151d9f82b
MD5 hash:	c5d55505a9f46fe5e56b28a1085c1442
humanhash:	december-carpet-jupiter-tennis
File name:	telnet.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'778 bytes
First seen:	2025-08-02 17:49:45 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:ofmdtVNaKM6bODOmFkfw1J1at1YoLBYtp77tLByCBwltuANyhyZCK:ofqZFMDzF380thtZ2
TLSH	T14B3178CD72E09153E541CE01F261428FB39FFDC8A2B44E61E4C23C6A9045A92FC7D697
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://89.116.20.194:81/x86_64	e25cb6a0329ab4129928491c960a9b6c42f42cf3bb6d1b89485217dd6f7d705a	Mirai	elf mirai ua-wget
http://89.116.20.194:81/aarch64	148368c139656907c8f6b266d81bcdc3b3319441f9988e9ef0f6e3350e726e59	Mirai	elf mirai ua-wget
http://89.116.20.194:81/m68k	7530b99c41379554d302646138d991d40ad2ffff31bceaf04493745bb1cde170	Mirai	elf mirai ua-wget
http://89.116.20.194:81/mips	83bd516969f81d470c869f68fee62897f9da0ec9a278e60d8a0c0b45461e5eaa	Mirai	elf mirai ua-wget
http://89.116.20.194:81/mipsel	a270f9fb39eb9caa67daf5557ef8f9c39e8dccdef8a60f41d34aec9b0ee251b7	Mirai	elf mirai ua-wget
http://89.116.20.194:81/powerpc	14a6adf2607a29cfeaff0e65612e1bfd5220c15bfb90edb3058cb6f5b9f61a06	Mirai	elf mirai ua-wget
http://89.116.20.194:81/sparc	3c4d721eeb1a3ef68e983bcf20db27d01ded9a90eb12cb4ef358b89b4a1cc2ab	Mirai	elf mirai ua-wget
http://89.116.20.194:81/sh4	42c8c3d999658ef740caabf3dbb91d3a6af70514740a7d36600e3dd4e001da48	Mirai	elf mirai ua-wget
http://89.116.20.194:81/arc	6862040c524ed7a5c79b2c2e64f194537b5fa38ed18c8cecbb60bbb4c7eb8b76	Mirai	elf mirai ua-wget
http://89.116.20.194:81/i486	796b967b81a51130d6f47328b2219861690c752be963d1a51be01595737a4f6d	Mirai	elf mirai ua-wget
http://89.116.20.194:81/armv4l	5ad2f330adc43117af5dba048185f94ebae7f4a49c89c04cb7263ec048534fec	Mirai	elf gafgyt mirai ua-wget
http://89.116.20.194:81/armv5l	4f586b94ffdd1276d511378c0d2806ee203190b22c39065f236df3194ef9a66d	Mirai	elf gafgyt mirai ua-wget
http://89.116.20.194:81/armv6l	2af131ebd0b08f6ee4fa518e41d5a513e8b16301d4a9e54e5da46680242703a5	Mirai	elf mirai ua-wget
http://89.116.20.194:81/armv7l	6f7a57d7a8935f0bfa58c74e65b796c27dff7608d7253d06ea00719fd06f6694	Mirai	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/12287056-09e9-4e9c-90c9-89214819b27d

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/10c6e6dff4f2558c15cbea2938e75abaf3aae7c2ac09d2655d7cfc055b62e1dc

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/10c6e6dff4f2558c15cbea2938e75abaf3aae7c2ac09d2655d7cfc055b62e1dc/

Verdict:

Malicious

Threat:

HEUR:Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/10c6e6dff4f2558c15cbea2938e75abaf3aae7c2ac09d2655d7cfc055b62e1dc

Threat name:

Linux.Trojan.SAgnt

Status:

Malicious

First seen:

2025-08-02 17:50:31 UTC

File Type:

Text (Shell)

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cddonx7u6jkyyfol5iutrz22xlz2vz6cvqe5ezk5pt6akw3c4hoa._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm defense_evasion discovery linux persistence

Link:

https://tria.ge/reports/250802-wet15sszez/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Creates a large amount of network flows

Enumerates running processes

Modifies init.d

File and Directory Permissions Modification

Deletes itself

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.75

Link:

https://yomi.yoroi.company/submissions/10c6e6dff4f2558c15cbea2938e75abaf3aae7c2ac09d2655d7cfc055b62e1dc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 10c6e6dff4f2558c15cbea2938e75abaf3aae7c2ac09d2655d7cfc055b62e1dc

(this sample)

Mirai

elf 7c78e5680aec283bdfcffd32df748f5dd0da8228485c300de504bf5fe88cc12c

URLhaus

https://urlhaus.abuse.ch/url/3590806/

Delivery method

Distributed via web download

Dropping

MD5 31a1eab97c6e18319f51e83bfc3298be

Dropping

SHA256 7c78e5680aec283bdfcffd32df748f5dd0da8228485c300de504bf5fe88cc12c

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample