MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c170f5e40f555ab2311b6ee65a83db861e5598f63c500836a406a2499b56f58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c170f5e40f555ab2311b6ee65a83db861e5598f63c500836a406a2499b56f58
SHA3-384 hash: e9a389e5445b6830363addf5ff070293d3e1a0907c8405bfd3a24b1e9b1a57c4d035b86802499a7df7ae501c86de9203
SHA1 hash: d5bbc007b496a0ecc480cb3989903823908f167a
MD5 hash: 79c92e0435c96085b5f5bb0c3f0e2644
humanhash: carolina-carpet-lemon-magazine
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'054 bytes
First seen:2026-02-08 19:59:22 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:3J3CxObYxjIXRxxNI5ncx1rKD7xUpuxd+DxfspuxBCquxtukSxcxWxyvY7xTMuHR:0eIoXAExyNkyMVfMyIqyQkOu66Moux
TLSH T10F11A28D2251DE47DF0DAF0C7E55F50C6284E7F8F6A18A21E41B48BC679C2047067F2A
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://151.242.30.234/bins/frost.armb2a35f23d4afec2b82af026ce82374c644d1f54abde53f90ba0655c07dc2141d Miraiarm elf geofenced mirai opendir ua-wget USA
http://151.242.30.234/bins/frost.arm5n/an/aelf ua-wget
http://151.242.30.234/bins/frost.arm6n/an/aelf ua-wget
http://151.242.30.234/bins/frost.arm7n/an/aelf ua-wget
http://151.242.30.234/bins/frost.m68k4865b07ecff6039735c9be81cd17db5ef8487030b3a25f2aca2f232b7767575c Miraielf geofenced m68k mirai opendir ua-wget USA
http://151.242.30.234/bins/frost.mips5344d45eaade42cf25c4855e075cdc29666ca24ff6d74da1db56d2147bbb65f1 Miraielf geofenced mips mirai opendir ua-wget USA
http://151.242.30.234/bins/frost.mpsln/an/aelf ua-wget
http://151.242.30.234/bins/frost.ppcn/an/aelf ua-wget
http://151.242.30.234/bins/frost.sh400fcbe218929b193ad814206774813bac8bd9fd17387074ec40aadedb36321b1 Miraielf geofenced mirai opendir SuperH ua-wget USA
http://151.242.30.234/bins/frost.spcn/an/aelf ua-wget
http://151.242.30.234/bins/frost.x86n/an/aelf ua-wget
http://151.242.30.234/bins/frost.x86_6484cc932737cb8c5342b3882adeefd075ed2fd21e66501a54c7febe47bc22528a Miraielf geofenced mirai opendir ua-wget USA x86

Intelligence

File Origin
# of uploads :
1
# of downloads :
28
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
bash lolbin mirai
Link:
https://www.filescan.io/uploads/6988eb61930564ff3c92b59f/reports/0931b24f-57eb-4ced-9f40-d6b4e13f5a48/overview
Result
Gathering data
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/2c170f5e40f555ab2311b6ee65a83db861e5598f63c500836a406a2499b56f58
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c170f5e40f555ab2311b6ee65a83db861e5598f63c500836a406a2499b56f58/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/2c170f5e40f555ab2311b6ee65a83db861e5598f63c500836a406a2499b56f58
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-08 20:00:57 UTC
File Type:
Text (Shell)
AV detection:
11 of 36 (30.56%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fqlq6xsa6vk2wiyrw3xglkb5xbq6kwmpmpcqba3kibvcjgnvn5ma._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260208-yq9bbahz7e/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2c170f5e40f555ab2311b6ee65a83db861e5598f63c500836a406a2499b56f58

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2c170f5e40f555ab2311b6ee65a83db861e5598f63c500836a406a2499b56f58

(this sample)

Mirai

elf b2a35f23d4afec2b82af026ce82374c644d1f54abde53f90ba0655c07dc2141d

  
URLhaus
https://urlhaus.abuse.ch/url/3774794/
  
Delivery method
Distributed via web download
  
Dropping
MD5 ff9147931d4206a7f780538eb413dfc8
  
Dropping
SHA256 b2a35f23d4afec2b82af026ce82374c644d1f54abde53f90ba0655c07dc2141d

Comments