MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c8be1e45c9010a07bafc3eeee379c5ab224aba447c15d94c713c455488fc577. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 2c8be1e45c9010a07bafc3eeee379c5ab224aba447c15d94c713c455488fc577
SHA3-384 hash: 56931c56bdb4e31ab4252db39c87b2815ee68b7e611a9bf2768ae836b386c25e76e0c7781546c5b76344d7a27459e332
SHA1 hash: 4b60e847bdf1038cf82093a72c467aff23fceefe
MD5 hash: ff0b3257b4d92a8e34d0c780a02d4195
humanhash: thirteen-undress-summer-december
File name: w
Signature: Mirai
File size: 1'122 bytes
First seen: 2025-12-22 00:06:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:DfIkXI8mDNIiIItKKII8lISfIdv7jIvls7gIsOb0WJI0fn4747InNs:DfIkXID9IItRIRlISfIdv7jIvlHIZ0Wn
TLSH: T142219BFE8FA1103A44E9897068654C24D80C9DF16C48CA98B95F0BBB7B8CA25FE15B5C
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://5.255.103.171/sdxkzX_UXA229x.arm | 03102d2c210a07eb67ac99d90a57eed7f87681fa49eea3f69d36812088968ca7 | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.arm5 | 5879891986f59c8b383eceefa97ae332fb55c1ff1a7313f1f3b9d080a094c616 | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.arm6 | 5e1843ee80b0a0f47fe7c102882aecaf626b2c2c671f80f217b8fb5558cf4456 | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.arm7 | 4b00c9ff1eb55bd1ab7e067a274dc00a16fd07870f915cbc871e887f16d0277d | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.m68k | 2b84ee15e57c62eb1290ce93a70baa65f7bc397a5688db0eab69b93967c6de71 | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.mips | e530b4adb8b1ffa561ed18c4ad5886a1daf860aec402ecf679fb8559fa2b4cdc | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.ppc | 1b1df35f15ce9734c51a5ee94460400efafd1523b4b3baea89ddb0cf86c970dc | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.sh4 | 7501f714f4c5c7ec1efc47ba26305c02859416ad276d01090665117a2183065b | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.spc | 67bcae85e624585fa0b682425eaeb84323b1a3222c27aa1fdb46b69e09bbcc3b | Mirai | mirai opendir
http://5.255.103.171/sdxkzX_UXA229x.x86 | 9b2a851f233972d421481a79d7be7ac7ee45288b0599ecdb62a6a6f203f44d84 | Mirai | mirai opendir

Intelligence

File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: busybox mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-21T22:51:00Z UTC
Last seen: 2025-12-21T23:35:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: (rendered process graph not reproduced; the sandbox trace shows /tmp/sample.bin repeatedly spawning busybox, chmod and dash, then executing and deleting /home/sandbox/sdxkzX_UXA229x.x86)
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-12-22 00:18:26 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | sh 2c8be1e45c9010a07bafc3eeee379c5ab224aba447c15d94c713c455488fc577 (this sample)

Delivery method: Distributed via web download

Comments