MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34662f0195a8de2a479b0b45b9c2fee4d06e4c203573483bb7cc1c181288a41f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 34662f0195a8de2a479b0b45b9c2fee4d06e4c203573483bb7cc1c181288a41f
SHA3-384 hash: 099b546e70d98d714f043fd767f689a7d3351ef3f34b679323d694847f7294e4f39aac43463fbc1975147cf910046496
SHA1 hash: 6a7643f2eae059235cf472ce88f6bd5aecec1f51
MD5 hash: c6c7401c3683097152c1ad51fb827071
humanhash: quebec-whiskey-uniform-hot
File name: curl.sh
Signature: Mirai
File size: 681 bytes
First seen: 2026-03-25 03:32:56 UTC
Last seen: 2026-03-25 12:11:04 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:eJKjkCKjkJrjzKjrwjRUjRWjgHpjgHdLzjLgjb0LKVv:eUkJkJ/zerM6ogHNgHdLno2K1
TLSH: T1150175D52AE53B53614BCF10FB6227CE510DA2FCA082CEE5A08D3D577C680C1AA9DB51
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://91.92.241.94/mips | 515fa150dd501477994d59e301e24a5bc61f121709f92a209ce2d5c4ff1c4f1e | Mirai | elf gafgyt mips mirai ua-wget |
| http://91.92.241.94/mpsl | 54770cc6f92091ece1475548324fe4255f9c2b6002c4285fe34b7dc6f38575d0 | Mirai | elf mips mirai ua-wget |
| http://91.92.241.94/arm4 | 5dc7e84871af255a0706465eee841ddeb13819d9b1555b6976e3f96d2591521e | Mirai | arm elf mirai ua-wget |
| http://91.92.241.94/arm5 | bf2f32cf70d2783d25d1df96f63a0bb00c6fd8cc12f55339c962e11f08326732 | Mirai | arm elf mirai ua-wget |
| http://91.92.241.94/arm7 | e4ad930449f130b22330db4edcdba4d3cc64f73b0fec860372992c0ea05e21d2 | Mirai | arm elf mirai ua-wget |

Intelligence


File Origin
# of uploads: 2
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-03-25 03:33:31 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Mirai: sh 34662f0195a8de2a479b0b45b9c2fee4d06e4c203573483bb7cc1c181288a41f (this sample)
Delivery method: Distributed via web download
