MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3cbe5b835de7b544104ecc48bed27c76c931c8ae1e1fbe1f6f7fb2a5e335eaa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 3cbe5b835de7b544104ecc48bed27c76c931c8ae1e1fbe1f6f7fb2a5e335eaa0
SHA3-384 hash: e21b227d86a2a7ff89d9dbe2b6b0c19c17b78272ef1bd0ffda2b106e80bc28f3c3220accb3699da580a765b98b67c24b
SHA1 hash: 95854081ac7e0861287a158ec6d0961e50c4baf4
MD5 hash: f9f7e9a7947a6750d2e9aa238abad7f5
humanhash: bakerloo-romeo-emma-nine
File name: c.sh
Signature: Mirai
File size: 1'393 bytes
First seen: 2025-07-19 18:15:21 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3rd6ENMdCdYV2f7dPdejGtdeABAoArd6unuauFd6uQ9uQkuQrd6u5uQu/d6uYI:hd0dCdYV2f7dPdejGtdeCX2dvuPFdvrq
TLSH: T19F21018D4EAAD04B993C8F36F04BC3AC5A9E95C7B5F0AD61A09D4CF3544D700643AA67
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads :
1
# of downloads :
29
Origin country :
DE
Vendor Threat Intelligence
Status:
terminated
Behavior Graph:
Threat name:
Document-HTML.Trojan.Egairtigado
Status:
Malicious
First seen:
2025-07-19 18:15:35 UTC
File Type:
Text (Shell)
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3cbe5b835de7b544104ecc48bed27c76c931c8ae1e1fbe1f6f7fb2a5e335eaa0

(this sample)

  
Delivery method
Distributed via web download
