MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64d4259f8e38936b23cff474cab2a9ea7e39e1fd6bdebbbae8fc7bb24da78bd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 64d4259f8e38936b23cff474cab2a9ea7e39e1fd6bdebbbae8fc7bb24da78bd0
SHA3-384 hash: c6f10c72914a5533ac7ff3363a6a67577799a8e822c777222a4b80d6e16ed4910d30243306f2257492f0c1159fc803f4
SHA1 hash: 505287e4c87d97a026832129b57e145b17acb8a3
MD5 hash: 6ce984cd09ae13c54a4ed12c855f7acb
humanhash: fillet-grey-violet-juliet
File name: c.sh
Signature: Mirai
File size: 862 bytes
First seen: 2026-01-09 00:40:41 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3UUMxqQUUCRHQUUzNIjlTBAQUUAiKl2EQUUf1QUUX9qQUUGFG10qQUUF6ZQUUR:3J38xkcNIpfKl9Bq6KmKnHR
TLSH: T149118AEA42BA9943972CCD4CB4AB842C6681D1C5FEB3DD89E82C84785CC724A3065F67
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-08T21:59:00Z UTC
Last seen: 2026-01-08T22:21:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Worm.Mirai
Status: Malicious
First seen: 2026-01-09 00:40:59 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 64d4259f8e38936b23cff474cab2a9ea7e39e1fd6bdebbbae8fc7bb24da78bd0

(this sample)

  
Delivery method
Distributed via web download
