MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5676f76cd21bab8c9dc8434469938707e9d8cf2cf0b8ac5ab047f13cb40dc706. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 5676f76cd21bab8c9dc8434469938707e9d8cf2cf0b8ac5ab047f13cb40dc706
SHA3-384 hash: 6adc2f44266e7fe2217631cc9abb41cddeac2a29e01ad457a50e8468fecd92c0c41c0cabf987ef01d6fd17cfe353d15f
SHA1 hash: 5a740814107c1c7f5ab685e5ab71bb392b8ef914
MD5 hash: 0c35f57774b505c076496b5d12bbc985
humanhash: golf-cola-juliet-fanta
File name: c.sh
Signature: Mirai
File size: 421 bytes
First seen: 2025-12-05 18:14:21 UTC
Last seen: 2025-12-06 02:33:12 UTC
File type: sh
MIME type: text/plain
ssdeep: 6:St5/nfiD/Ft5/pFGNIvLKaFt5/laLU+yAFt5/rHGLqFt5/wk2fbFt5/Mj0:Ahf8hSNITNhlaLBfhxhA7hMA
TLSH: T1A6E0EDBE08AADF2BC1049E41A0692437A13797DB9772CA04BEC8B52679D89103233E56
Magika: batch
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 23
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-05T17:46:00Z UTC
Last seen: 2025-12-06T02:00:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
[Process graph: /usr/bin/sudo (pid 3656) execve /tmp/sample.bin (pid 3660), which runs six rounds of /usr/bin/wget (execve; net, send-data, write-file), /usr/bin/chmod (execve) and /usr/bin/dash (clone); each wget process sends 135-136 bytes to 213.209.143.64:80.]

Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-05 18:17:27 UTC
File Type: Text (Shell)
AV detection: 7 of 37 (18.92%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 5676f76cd21bab8c9dc8434469938707e9d8cf2cf0b8ac5ab047f13cb40dc706

(this sample)

  
Delivery method: Distributed via web download

Comments