MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ff7c8fd287519eae837034b0276285406c30cb2c0fffd84ba4b668f55ebe0c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 5ff7c8fd287519eae837034b0276285406c30cb2c0fffd84ba4b668f55ebe0c9
SHA3-384 hash: f74df3d30f007e144e3e27bfd48a6d2572f584a12ea5482d16b7bb6a7dea78ab9f82470f93e052ecb2d9127a5a6022ca
SHA1 hash: 805a2d8d8d1098a4e9aab8eb6781779ee5336ed7
MD5 hash: eba54b8635ec2e25c296a33f9b6bcb37
humanhash: diet-november-eleven-mobile
File name: curl.sh
Signature: Mirai
File size: 694 bytes
First seen: 2026-02-16 12:00:00 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:bCj8dz0j8dzibGjZdzZljZdzZadJjRbdznjRbdzqjgHbdzyjgHbdz6hFGjUdzvgJ:b28dzY8dzibSZdzZxZdzZadt1dzj1dzH
TLSH: T111015E9A2096AFF3219ADF04FA6677DD601A6EFC30400FA4D05F3C9A6F58241B905700
Magika: batch
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://113.30.152.240/mips | 9eebcd36b43db42e9158f2fa7eba07457494a97b8d1cd110e69cc5c4d9681867 | Mirai | elf mirai ua-wget
http://113.30.152.240/mpsl | ff38c4c73fbe1c98624a3dba227f51f7c61d10e75a6e0c3ff36b8926a4edb30e | Mirai | elf mirai ua-wget
http://113.30.152.240/arm4 | 88683bda10a8e51d73a72f596a3f05ed6b44aa1a56fc758db66cdc55fdbda4c4 | Mirai | elf mirai ua-wget
http://113.30.152.240/arm5 | 7fbd8b70c4ec11802a8a4e9b857278bf81e4f57ad278f3309a87726f2b79fce6 | Mirai | elf mirai ua-wget
http://113.30.152.240/arm7 | 1aef13d73030381aa47352985a403bb649d93020e2822fa5b7a3230a8f03c9cc | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: base64 busybox mirai obfuscated
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-02-16 12:00:43 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download -> Mirai -> sh 5ff7c8fd287519eae837034b0276285406c30cb2c0fffd84ba4b668f55ebe0c9 (this sample)

Delivery method: Distributed via web download
