MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dc3b44321a22f6851b1c43ca49a4de455169aad6cc1ee694fae092ce2e0394d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 8dc3b44321a22f6851b1c43ca49a4de455169aad6cc1ee694fae092ce2e0394d
SHA3-384 hash: b63b3ca6c0697ca85c3d8d2ad808e3ab7b7456cba5ce44b259682aaf4f4fe601c2c1c352f5d3e9536ff4577b0288e1cd
SHA1 hash: f20a570fc4c6ed8d39a8781d74170a2398691897
MD5 hash: af9d378a936b4b33606763cca9b2e59d
humanhash: louisiana-mobile-hot-potato
File name: f
Signature: Mirai
File size: 831 bytes
First seen: 2026-01-01 00:57:31 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:/9ZOek933v6hLk933v6nRk933v6M5dM5nk933v6rOOk933v6rFk933vXw:FZTk92k9Wk9vI9k9ok9+k9Pw
TLSH T1B401C0CF10445E3175C845D93AD3542E585046E316E4461DAEDE857358C56187B9CE6C
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-31T23:21:00Z UTC
Last seen: 2026-01-01T05:50:00Z UTC
Hits: ~10
Status: terminated

Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2026-01-01 01:10:52 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 8dc3b44321a22f6851b1c43ca49a4de455169aad6cc1ee694fae092ce2e0394d

(this sample)

  
Delivery method: Distributed via web download
