MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1425de1d532208c5c546902a5c5f927bd2e38e7c1b54773ed2d7bfd8f8b74a6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 1425de1d532208c5c546902a5c5f927bd2e38e7c1b54773ed2d7bfd8f8b74a6c
SHA3-384 hash: 209ce94b83ffe6474873b83e50468829bbca0cd670a21ade340ea9b45853e36d1ece8e5055e0cbb8391a46497349d3b7
SHA1 hash: 5df6de4f1c57f7158f76b934bb656d6bd4b3dc22
MD5 hash: e6f54a4fde57bc94535f3a1d39e55def
humanhash: foxtrot-stairway-sierra-asparagus
File name: c.sh
Signature: Mirai
File size: 834 bytes
First seen: 2025-10-05 06:36:49 UTC
Last seen: 2025-10-06 04:37:40 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:3J3XtM+YkfNI75HKpO+Il7ji1T6qlNTtG8NNkln:lm+Yk+5HeTIl7mR6Io8Nil
TLSH: T15F01DDEC63A161931B498DE4B0658468B02E96C272708F2E9D7B08E5D8DA3083976B79
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 43
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive exploit mirai

Verdict: Malicious
File Type: text
First seen: 2025-10-04T18:30:00Z UTC
Last seen: 2025-10-07T00:05:00Z UTC
Hits: ~10
Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-04 23:24:44 UTC
File Type: Text (Shell)
AV detection: 16 of 37 (43.24%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 1425de1d532208c5c546902a5c5f927bd2e38e7c1b54773ed2d7bfd8f8b74a6c (this sample)

Delivery method: Distributed via web download
