MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b078f1b59fb7286e3216d0e3042d1b45d04a44556b73044586cb416de6f8026. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6

SHA256 hash: 2b078f1b59fb7286e3216d0e3042d1b45d04a44556b73044586cb416de6f8026
SHA3-384 hash: 19ee5089d7b8b836ce7949e2f864fc76223c5999e6aeca1059bb5e3fc318d15e8bed5b1b3c9715ae80f16017833691ae
SHA1 hash: 21cb76a1d06b18caa2078f23c870769ad2478dfc
MD5 hash: 4ac1b23613e0eb94034ee6442115201e
humanhash: video-queen-crazy-maine
File name: c.sh
Signature: Mirai
File size: 1'171 bytes
First seen: 2025-07-26 05:43:48 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3O+LoNIQBK1qYdD18myWZIeAtnqLFSHR:YEa8IDnq0x
TLSH: T19D211D8F9E719801A60C4FF9A096F0187757CED0E3B94B85F02D98B46994714A3C6A36
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE
Vendor Threat Intelligence
Status:
terminated
Behavior Graph: (process graph rendered as an image on the original page; its nodes show /usr/bin/sudo launching /tmp/sample.bin, which repeatedly runs /usr/bin/curl, /usr/bin/chmod and /usr/bin/dash and finally /usr/bin/rm, with the curl processes sending data to 196.251.116.34:80)
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-07-26 05:44:10 UTC
File Type: Text (Shell)
AV detection: 11 of 22 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Suspicious use of SetWindowsHookEx
Modifies registry class
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (Distributed via web download)
Signature: Mirai
Sample: sh 2b078f1b59fb7286e3216d0e3042d1b45d04a44556b73044586cb416de6f8026 (this sample)
