MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6916678a4add3da849ed52074dda91f54e51843e1883ea3a239480a712bbd0bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 6916678a4add3da849ed52074dda91f54e51843e1883ea3a239480a712bbd0bc
SHA3-384 hash: 5fd0b28c9fae76e3c05e5761b1f62942dad53ba31b217d7a34f7642a2e6013782bbeb8aaf1a0c6ba8d8325498a0e1938
SHA1 hash: 799b244ab4fbbe26736588a46e8e56cb1dd545d3
MD5 hash: 0c86801efbcdf70f0a6049f236372873
humanhash: mockingbird-alanine-video-golf
File name: c.sh
Signature: Mirai
File size: 728 bytes
First seen: 2025-12-23 03:02:28 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:3J3nx9JnxiWmonxQNIxBhnxhaa+lLKYAnxnJPpnxKicsrJnxYMxnx2kdHozgnx81:3J3nfpURMiNIxTGRK/1JPJoa1iwckRob
TLSH T1820184CD109DF513738C8F64B197D15859A0D8E22A774961EFB48872C4E820177BC3F5
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
First seen: 2025-12-23T00:09:00Z UTC
Last seen: 2025-12-23T00:37:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-12-23 03:03:14 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6916678a4add3da849ed52074dda91f54e51843e1883ea3a239480a712bbd0bc

(this sample)

  
Delivery method
Distributed via web download
