MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3becdf93534f7eadb0c0135ddd58db120d3d847a12d5124784ea2d76a345585c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 3becdf93534f7eadb0c0135ddd58db120d3d847a12d5124784ea2d76a345585c
SHA3-384 hash: acc9dffd0984e24efca4a3ccd06b1acd96e2d8555e15d7477ffdda63d74b4dc2f1e8171bb84f9e01f64a530279c97223
SHA1 hash: ec82f4dece52fea8b53aa622362891c8e2836109
MD5 hash: d92ed30390b949e1b251a3309ef1e33b
humanhash: glucose-king-helium-sweet
File name: tbk
Signature: Mirai
File size: 1'050 bytes
First seen: 2025-09-08 16:34:37 UTC
Last seen: 2025-09-09 00:04:30 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:IiScySSB0EKxExV7EyCConE0N1EXHE0lEzYKjEKNIym0ElnEIdEyhb:IiPybBKmx+yCCoE0NKXk0azYT6ClEICk
TLSH: T1671136DE6C61A441840A7F4461B33734B811E1E123A0AF6DDED41D3687CDE30B2E9BD6
Magika: javascript
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 30
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-08T13:51:00Z UTC
Last seen: 2025-09-08T13:51:00Z UTC
Hits: ~10
Status: terminated
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-09-08 17:14:10 UTC
File Type: Text (Shell)
AV detection: 17 of 38 (44.74%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
