MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e96b8d240ebeee3c670f9a9d36b634b39cb0cc5610f7d3985173733953180ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 8e96b8d240ebeee3c670f9a9d36b634b39cb0cc5610f7d3985173733953180ec
SHA3-384 hash: 60e296f30bc06f74cf526682a57862c516e6ce84d60f4150467cd7bd3ff624cb30fb745ee0a8af71aaf81a3758f76f40
SHA1 hash: b3cad39774770519078c3c8752b0d596db96738c
MD5 hash: c28718cc2b35425cc52345bdc9ba9a43
humanhash: steak-lamp-bakerloo-hot
File name: curl.sh
Signature: Mirai
File size: 1'466 bytes
First seen: 2025-12-05 18:14:12 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:e/EBvw01CKBFBv60hzqYTtqBvTm30Tcs1BvG03yBlcdvbEByTvNAUs8c1OMtqBVf:uovw0DB7v60h5cvu0RLvG0ilcG0KUsFA
TLSH: T1BD313EE00896173F9EC09917B366506D203A29CB7E3B6DC0E4DB78D5B3586D2B221D1D
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 22
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-05T16:05:00Z UTC
Last seen: 2025-12-06T03:37:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-12-05 18:16:12 UTC
File Type: Text (Shell)
AV detection: 15 of 38 (39.47%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour: System Network Configuration Discovery; File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download
