MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c27b5e45366cc70af89e5f00a6b8adad2cb842e6249f9649119b8afb87905d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 2c27b5e45366cc70af89e5f00a6b8adad2cb842e6249f9649119b8afb87905d5
SHA3-384 hash: 881728e6ce619afa0c8d3f0e80d3dea7f07eaa0bbc29cd3721c0e44b862c0d24ae24748fe486a07e4fce8bc62fe66bc2
SHA1 hash: 4939e5cffa5fd552d888522304363ecf0b97f016
MD5 hash: e342284fd3cd0c877437f3e1eca77d0f
humanhash: stairway-alanine-angel-missouri
File name: c.sh
Signature: Mirai
File size: 826 bytes
First seen: 2026-07-03 01:13:52 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3TQQehuNI7fOKQqqWZIUJs8tBDrKyYHR:FQQeh3fOxqqeIUWiDr1Yx
TLSH: T178019ECF2795A2831A4CCD6CB46BC54C6A41EAC4F4B44D1AF358E8795EE63083056F76
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-07-03 01:14:32 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2c27b5e45366cc70af89e5f00a6b8adad2cb842e6249f9649119b8afb87905d5

(this sample)

  
Delivery method
Distributed via web download

Comments