MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 340c7a320fe5f8c453436ecaef5ed866fde391429c4d260280b62e990e1fda7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 340c7a320fe5f8c453436ecaef5ed866fde391429c4d260280b62e990e1fda7c
SHA3-384 hash: 35821785821130045c309b5f541bc34ff91dd8684d0a385bfd521925d26f9f110fe21db1d7d1f46c1001140873194e2e
SHA1 hash: cc68f505425239d20211d9a529651a55e2cde91d
MD5 hash: b11839c0349133d3b7f1378317adebd2
humanhash: oranges-robin-east-early
File name: curl.sh
Signature: Mirai
File size: 692 bytes
First seen: 2025-11-21 07:47:03 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3U6EKwpUq9ohU0FUIUjQUqYdTCUbSYLp1vGZr4OGtEOXj:3J3TuAUQodTCs/LnGZNGrXj
TLSH: T19801D69A6212FFA3296CBD16B9A1468D008081CF6A7F8B88FC734A2CCCD174311D8726
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 40
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Result
Gathering data
Status: terminated
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-21 07:41:15 UTC
File Type: Text (Shell)
AV detection: 5 of 36 (13.89%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download