MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bbcf28e456e57d463a3ad5673fb693e25cf4c4f6207272bca6951762d77f127. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	9bbcf28e456e57d463a3ad5673fb693e25cf4c4f6207272bca6951762d77f127
SHA3-384 hash:	03283aaa206ebd0df98de4cd1d147092c6fb0a52c87facebc9e50dd630c542af2a6169b3e287133e299233a0c47cf8de
SHA1 hash:	d3075ebb82742060dd08723c3e4b94a36f091f2e
MD5 hash:	7479ee4211eff7b9958d236bac9759da
humanhash:	whiskey-two-magnesium-arizona
File name:	c.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	828 bytes
First seen:	2026-01-07 18:31:07 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:3J3+qjQUQTNI1FAQgiKTQTiFqQNtonQVnQYhQvxGJv0jQIAQjXAUA:3J3PSNITK/tF4HA
TLSH	T100016B9E01B8E3525B1CDE04B05ED61CBD4199C1B2F0CAC0F855AA79A8DED152258FAA
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://14.225.20.10/csk_arm	3b6510ea58fedbd8be2f9edea9bdf23f2924091ee94a8b72fbabd17fd47ff86e	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_arm5	7e27d70ef08cc6a380ac6e92d312d7d14a0063b8f0043333771923165dd9add5	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_arm6	dba31f9c022880707c1687a193cb1ebf6470ec3daaa642d9566d60874f77dc16	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_arm7	8a807fe858d9a6b452905606c974b345b2fad130fd352bf064ff68d04a958103	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_m68k	7679266043c5ba20bddb70235b099d41f550bdb8586dffe0a30cd55461add399	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_mips	7343d71bb7d0045d816b73fabc1429b8a2a6006e10f68ef0bd250ad9dff904f0	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_mpsl	005f565b1a2472c5c6d34e9ce8ae2058e15b91265e2e55ace274f1386c8bc3b1	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_ppc	3ee5f789d89a5c220552cf24d5c232d4ee7ba29c5707bf449837bcdc41ddc49c	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_spc	048cf68470501740ac2efc1b2c6b193760f99494570b90ba4f1d74b534aec5f6	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_x86	088b1ec37bd2bd85f5ed2371e19cb852049eb8cae03e27cd6b1f270548a8e0ae	Mirai	elf mirai ua-wget
http://14.225.20.10/csk_x86_64	fa49458eeb48ee164b9963f4aebcabc26862899c4dcf26a8979321587221623b	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

mirai

Link:

https://www.filescan.io/uploads/695ea67687e75cdd5af73652/reports/80a45fde-ebc8-4a8e-9db5-d5b19c0ae2b0/overview

Verdict:

Malicious

File Type:

ps1

First seen:

2026-01-07T15:41:00Z UTC

Last seen:

2026-01-09T11:10:00Z UTC

Hits:

~10

Detections:

HEUR:Backdoor.Linux.Mirai.cw HEUR:Backdoor.Linux.Mirai.b HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Backdoor.Linux.Mirai.hv HEUR:Backdoor.Linux.Mirai.h

Link:

https://opentip.kaspersky.com/9bbcf28e456e57d463a3ad5673fb693e25cf4c4f6207272bca6951762d77f127/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/f7b15dfc-ade4-4ace-915c-9e8d63b67222

Behavior Graph:

Download SVG