MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 318fbd96fc8a350b393b9cc445ca56a0be5ee0cf96dc18bc7a1f2ad2bc6562fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 318fbd96fc8a350b393b9cc445ca56a0be5ee0cf96dc18bc7a1f2ad2bc6562fa
SHA3-384 hash: cb414ff2e8747a58776104129e27ecc202653288138b2558d972d7b129318d3af210158f47a2c85af81b46a5b53b70aa
SHA1 hash: 24bb43b78fa8f9e26f48c03a5ead795026737c2d
MD5 hash: ca65063fe8ffdb35421cdc7f80315bce
humanhash: texas-cat-carolina-tennis
File name: cr.sh
Signature: Mirai
File size: 1'065 bytes
First seen: 2025-10-18 05:50:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3HAHwaNHuNIQhHzvKgHBTHlHCE1xHILHGTH0HGeHxoUn:3J3RNISKmLyloUn
TLSH: T12F1167F90025510ABE00AF20B4DA94396CB3EAE2A03A9DF4D27FE42341DB9D47720E31
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.167/UnHAnaAW.arm | c7c87d459cc5b520b3a46450a0fecf6d36d846994c1ea1b9c6cc8fceb772b507 | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.arm5 | 8f4cc08c2665eea2fbf8f6571d2003201845ca4d27eed4f66e55079fc7edd37d | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.arm6 | 557c913d03aa64790ea3ca66c01684cbe17cece15e50539307ce6789dd3d9d4f | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.arm7 | 289d71e0d077e1473836ebbd89a69fcd646c9e860f16c2c63b7abf090d8a4a02 | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.sh4 | fe5b60917c992253bdcc935a5a2dab13391cf63c45680e2c5bf5b52e0a9f18c3 | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.ppc | n/a | n/a | n/a
http://213.209.143.167/UnHAnaAW.mips | 625534a1125a9ab0c459a395907df84307b303345edf1c60cce1b3d4ebf47bd5 | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.mpsl | 79822204c6f2bdccbfa228ba1c8b343fa927a425eb7a061a0c3b220f12181fd9 | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.spc | d01d9cb2aa57fef2752c753c62dfde895eead5a578f983fb265bf0d27fd066c1 | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.x86 | 5c4b64e559c1332e9f65c611909524c68ad73d63878cd6e36602c17303d0985b | Mirai | elf mirai
http://213.209.143.167/UnHAnaAW.x86_64 | n/a | n/a | n/a
http://213.209.143.167/UnHAnaAW.i586 | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-10-18T03:09:00Z UTC
Last seen: 2025-10-18T03:32:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (sandbox process tree; graph node guuids omitted, pids kept):
  /usr/bin/sudo (pid 2926)
    execve -> /tmp/sample.bin (pid 2928), which ran the same three-step cycle twelve times:
      execve /usr/bin/curl (net send-data) -> execve /usr/bin/chmod -> clone /usr/bin/dash
        1.  curl pid 2929, chmod pid 2950, dash pid 2951
        2.  curl pid 2952, chmod pid 2963, dash pid 2964
        3.  curl pid 2965, chmod pid 2978, dash pid 2980
        4.  curl pid 2981, chmod pid 3006, dash pid 3008
        5.  curl pid 3009, chmod pid 3022, dash pid 3024
        6.  curl pid 3025, chmod pid 3039, dash pid 3040
        7.  curl pid 3041, chmod pid 3074, dash pid 3076
        8.  curl pid 3077, chmod pid 3118, dash pid 3120
        9.  curl pid 3121, chmod pid 3140, dash pid 3142
        10. curl pid 3143, chmod pid 3174, dash pid 3175
        11. curl pid 3176, chmod pid 3191, dash pid 3192
        12. curl pid 3194, chmod pid 3206, dash pid 3207
      and finally execve -> /usr/bin/rm (pid 3208, delete-file)
  Network: every curl process sent data to 213.209.143.167:80 (graph node 3194d43e-e69b-5f2b-9e54-ed7596f96757):
    pid 2929: 91 B, pid 2952: 92 B, pid 2965: 92 B, pid 2981: 92 B, pid 3009: 91 B, pid 3025: 91 B,
    pid 3041: 92 B, pid 3077: 92 B, pid 3121: 91 B, pid 3143: 91 B, pid 3176: 94 B, pid 3194: 92 B
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-17 23:17:37 UTC
File Type: Text
AV detection: 13 of 24 (54.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: 318fbd96fc8a350b393b9cc445ca56a0be5ee0cf96dc18bc7a1f2ad2bc6562fa (this sample)

Delivery method
Distributed via web download

Comments