MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80d84841b160479f8011a4e751fed8f948d29190532c6789fe612f90853d85d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 80d84841b160479f8011a4e751fed8f948d29190532c6789fe612f90853d85d2
SHA3-384 hash: a5cfc1a55e06a3abc368d2e1223935947b5691a3f378329b601c3820b5295ab0e305d3c61bbf29507848fe6aff78204d
SHA1 hash: 8fd49abfe53c3d08c13ee9b534a30a511deeacb6
MD5 hash: eddc326890820e8884d07bb51208f716
humanhash: hamper-helium-artist-south
File name: curl.sh
Signature: Mirai
File size: 1'437 bytes
First seen: 2025-08-01 12:39:58 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:X/pBq8z/PFB0P/RcqBCe/JBQPf+EBn9BdTCHSqBpZO8LBQzjB4bzNTBHGGByUz/z:3176CeS/jd+y6e81IeNXyWr
TLSH: T11A213CC151D467F39EC88D64BA22A1BCA06C80CA7E2F27D4E59988C963996D3F184A24
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-01 12:31:34 UTC
File Type: Text (Shell)
AV detection: 12 of 38 (31.58%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour
System Network Configuration Discovery
File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 80d84841b160479f8011a4e751fed8f948d29190532c6789fe612f90853d85d2

(this sample)

  
Delivery method
Distributed via web download
