MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd
SHA3-384 hash:	e84e795af7dd4ec3eabf715479be1e83747fab5583f88719c9d9974570468b70534c961bb292baa3149658481d567da1
SHA1 hash:	c2b9f44e8eb4c2690a47a42ece36a859ba38fb35
MD5 hash:	249bcbf97ad77c7a9167b7c125b6f7e1
humanhash:	friend-whiskey-pluto-nineteen
File name:	cat.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'385 bytes
First seen:	2025-11-23 09:05:25 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:Ifzp2fIdzGSSXaex5J2NrV/w2zheR922/j1G52012WNOHs2IOrhOl8S273HMDo4v:i2a6MZy71AJNODNN1Mku10+VlmPSd
TLSH	T161217E8F559A1AD303098F6BB371D2D8E808C38F20E3E644FCAB4C318E959A53614E17
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://45.153.34.63/x86_64	b3a59c31bb2b2caa6dc0806400ff5623b33016eca39113afedd8af71ce49c5bc	Mirai	elf mirai ua-wget
http://45.153.34.63/aarch64	af945e8087d7948e30bdbb92e64039714ae50a581b34f35c17cf78923c03674f	Mirai	elf mirai ua-wget
http://45.153.34.63/armhf	794e555182b294e74a7d9ea364566bb85458df33b93a25a16db1eae7a8406732	Mirai	elf mirai ua-wget
http://45.153.34.63/arm	b1c682128658c5d48b4b75876bac6e48f709e691305c4d643433a8b372ab7ae7	Mirai	elf mirai ua-wget
http://45.153.34.63/i686	304780cc651bebe053d8ed919f1241a1677be6a12bd4087b9918f21b49d83dd4	Mirai	elf mirai ua-wget
http://45.153.34.63/m68k	9c6c44ffea2996fa81cf14c10347e82792541fa447878a90271ff342a7aad76c	Mirai	elf mirai ua-wget
http://45.153.34.63/mips	099d29f38684c1e01d3d51d661678fafcf10e36cfc9bacc8be783c934dcb7b1e	Mirai	elf mirai ua-wget
http://45.153.34.63/mipsel	8f595816b847e22356a442bc2d58d50daacde42d6cefeeee46b64b6616313e04	Mirai	elf mirai ua-wget
http://45.153.34.63/powerpc64	bd8203ba8b6ead4e07ccab3d85bb1a7790e60b4686644cfa5d54c56511ab753f	Mirai	elf mirai ua-wget
http://45.153.34.63/sparc	cf6d394bf6a00f7bfba853d95af329da39c2016f8b7d91852ecff96eaf28630d	Mirai	elf mirai ua-wget
http://45.153.34.63/sh4	953c9e1fd3b31e50ea71020d0bde3bf8077a2383a51c7380208262598e574819	Mirai	elf mirai ua-wget
http://45.153.34.63/arc	83e74b3614a3e21867e8d4baebcd131e81a6d9695f3d68fb1bce9a766f0c0efc	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6922ce895d3feebe12d80c73/reports/822cdcca-11c6-47db-a048-a6e56e0f910b/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-11-20T22:21:00Z UTC

Last seen:

2025-11-24T05:37:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.cx HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/f45afe06-4da3-44ef-b2f8-f47492fe3779

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd

Threat name:

Script-Shell.Trojan.Geninst

Status:

Malicious

First seen:

2025-11-21 03:15:25 UTC

File Type:

Text (Shell)

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dqbst6esihkjsrfdeajk33slf223m34usnndtonjtgy44fyqfh6q._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm defense_evasion discovery linux

Link:

https://tria.ge/reports/251123-k2faqadm8s/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.98

Link:

https://yomi.yoroi.company/submissions/1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1c0329f89241d49944a32012adee4b2eb5b66f94935a39b9a999b1ce171029fd

(this sample)

Mirai

elf b3a59c31bb2b2caa6dc0806400ff5623b33016eca39113afedd8af71ce49c5bc

URLhaus

https://urlhaus.abuse.ch/url/3714723/

Delivery method

Distributed via web download

Dropping

MD5 29e9f1e8fcd226b0ee93ed159c19511c

Dropping

SHA256 b3a59c31bb2b2caa6dc0806400ff5623b33016eca39113afedd8af71ce49c5bc

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample