MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc
SHA3-384 hash: 0ce6f3c84103ebc82d6641f3edfa770e97ec25b3dab65a63669c4349ee436353dc8ba4f2b021f089089264ef496cfac2
SHA1 hash: cc91689dda3eee0dc0686f8eda9f832d66007ab2
MD5 hash: 8ee398dc8c16098da7829cbe7f511598
humanhash: march-october-six-bakerloo
File name:c.sh
Download: download sample
File size:3'154 bytes
First seen:2026-01-25 00:52:41 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 96:0ivgRByuZ4M656LGn92YZCBAf7ZV3q4jfDi:0ivC0xZA2r8
TLSH T17B51F7F9BA70A131B20C8DFCF02AD48CBCA394BF11746A3158F69DB0C2AD558515A27E
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://77.42.21.37/systemcl/arcfb73d8b20485136882c270df6fc64b7499dd9af4c1361bb8893f6ff827e8926d Miraielf mirai ua-wget
http://77.42.21.37/systemcl/arm0ebf87b4e6f9225a6062947618de49be2a4cdb146e9b68c07056d2fa0c91f16b Mirai32-bit elf mirai Mozi
http://77.42.21.37/systemcl/arm5dfd8a925739e4df860e83995e0625d562ec32ab5f7b338b204a30939b2019f3e Miraielf mirai ua-wget
http://77.42.21.37/systemcl/arm6ad083a1f9186ffc38fbd148fe515812a7ccc82f410ac74ed6ac7fbd88f135ac3 Miraielf mirai ua-wget
http://77.42.21.37/systemcl/arm7fa67b277479419302ccc82d5862c7c47723de5185f5798c3f21befbc0e26af9f Miraielf mirai ua-wget
http://77.42.21.37/systemcl/i486n/an/aelf ua-wget
http://77.42.21.37/systemcl/m68k3c4697891ad492001f880868fe557f2b1b4627ec60a2058e6ffa57bd5934243c Miraielf mirai ua-wget
http://77.42.21.37/systemcl/mipsa4d03d28364c3c527fb20f3cf9984f78abaef31182f25e106cf7bffb2094cdef Mirai32-bit elf mirai Mozi
http://77.42.21.37/systemcl/mpsle5fa9517ae35e916913e60115a385e0173239103f707688804b299ddf5c3ec36 Miraielf mirai ua-wget
http://77.42.21.37/systemcl/ppc9e74dc5377747bdd06bd70cbcb4325e0218a8dd31f66dcccfa41069b7a11ca00 Miraielf mirai ua-wget
http://77.42.21.37/systemcl/ppc440n/an/aelf ua-wget
http://77.42.21.37/systemcl/sh4105e02593bad28306e810b5c3ccfd4f3c76d8b1bb33e0dba4540381289ab8bda Miraielf mirai ua-wget
http://77.42.21.37/systemcl/spc911f54971bce91bd384ad1e66296f0baab373b3bfdba78a21baa0b6fd1f7f358 Miraielf mirai ua-wget
http://77.42.21.37/systemcl/x86b1eca05ac8f0dca29557632c95eab45b6cdedd3a594cc28c6d94ce8f7ef37bba Mirai32-bit elf mirai Mozi
http://77.42.21.37/systemcl/x86_6427968814839edb77bd46fe35bb64115b75985e9069a045b86f1dd73ade0d2de6 Miraielf mirai ua-wget
http://77.42.21.37/systemcl/x86_3260246e66a15265caf6b8d57f52e17f1f58f33498944d18dede0b91b8d4ebd087 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
30
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/6975697ff3c1b7b1fbdc16c8/reports/4fad6d0f-b2ef-4859-8878-fd470726f546/overview
Result
Gathering data
Verdict:
Clean
File Type:
unix shell
Link:
https://opentip.kaspersky.com/21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/2346f6b1-2f8c-4ff8-8198-0f4614be5cb7
Behavior Graph:
Download SVG
%3
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2026-01-25 00:53:08 UTC
File Type:
Text (Shell)
AV detection:
10 of 36 (27.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ef2f3pocsotmc5shfhnasmsddmxcikd5ohnfe3xov5tx3zn3vc6a._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260125-a8svaaby5c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 21745dbdc293a6c1764729da0932431b2e24287d71da526eeeaf677de5bba8bc

(this sample)

Mirai

elf fb73d8b20485136882c270df6fc64b7499dd9af4c1361bb8893f6ff827e8926d

  
URLhaus
https://urlhaus.abuse.ch/url/3763390/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3763449/
  
Dropping
MD5 762991edaaf311c970bd368b91606fee
  
Dropping
SHA256 fb73d8b20485136882c270df6fc64b7499dd9af4c1361bb8893f6ff827e8926d

Comments