MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c8f2975a25eea099feb8866cbc6aeec7eae102030efb1d7e05b5529179b6306. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 2c8f2975a25eea099feb8866cbc6aeec7eae102030efb1d7e05b5529179b6306
SHA3-384 hash: 8dd990b202875e9365c87a55f509d9a06ae9d3f793a5e989c6a6d1fa677b131465df50a19d05633647bee95122bc2d2c
SHA1 hash: 8f0ecd9c0924b2b1ba130d3f8190ba427b4643a1
MD5 hash: 304d8d61bf11a07d021a671bd15809bd
humanhash: timing-stream-happy-cup
File name: curl.sh
Signature: Mirai
File size: 1'455 bytes
First seen: 2025-12-21 14:59:00 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:ewEBvw01CDBFBv60hN7YTtqBvTm30TAd1BvG0xVBlczibEByTvNAUs8AgOMtqBVV:dovw0+B7v60hGcvu0ULvG0Rlcp0KUsGO
TLSH: T1923184C51C811B3FDEC8992777A2607D206828C63F3A2DD4E8DB5CD6B6947C2B71892D
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-21T12:13:00Z UTC
Last seen: 2025-12-22T14:45:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-12-21 15:00:35 UTC
File Type: Text (Shell)
AV detection: 9 of 36 (25.00%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour: System Network Configuration Discovery; File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 2c8f2975a25eea099feb8866cbc6aeec7eae102030efb1d7e05b5529179b6306

(this sample)

  
Delivery method
Distributed via web download

Comments