MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f0b89a18e3d13af18201773f7b79ef5176b1885e8cd6c7290d665c5dcbf9c80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 3f0b89a18e3d13af18201773f7b79ef5176b1885e8cd6c7290d665c5dcbf9c80
SHA3-384 hash: c1ba8a30c9325da3c042f2c8787dfe450f4717f0c5c9e9e93dcf691661b994840baa5a57c2bebc882243a11459cf6f08
SHA1 hash: 0d65df791f768a3cf32f11362b8817b99f93f36b
MD5 hash: c922de0efb612a12f20b0c9d9ccd7503
humanhash: beer-lemon-ten-network
File name: c.sh
Signature: Mirai
File size: 960 bytes
First seen: 2026-01-10 18:47:10 UTC
Last seen: 2026-01-11 21:58:02 UTC
File type: sh
MIME type: text/plain
ssdeep 12:3J3UUfwxUUPxUU1kxUUDc+HxUUAAAxUUEAxUUuOsxUUAjCxUUApxUUE1ZxUU+/ph:3J3Rp2q0/ZAytBiexn
TLSH T1761133AC91F56547D73C5E09F0AE92589885D6C53EF7CE50E42C1CB258871017065F67
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 52
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-10T14:31:00Z UTC
Last seen: 2026-01-12T12:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Worm.Mirai
Status: Malicious
First seen: 2026-01-10 18:47:34 UTC
File Type: Text (Shell)
AV detection: 14 of 36 (38.89%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3f0b89a18e3d13af18201773f7b79ef5176b1885e8cd6c7290d665c5dcbf9c80

(this sample)

  
Delivery method: Distributed via web download
