MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3b8c454f347d84bd032f44a6e6c5700066d5c9136acc35d5a6065d2935ba366. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: a3b8c454f347d84bd032f44a6e6c5700066d5c9136acc35d5a6065d2935ba366
SHA3-384 hash: 0ea7232aecf78327cd7be5cb9b4b587c8451f23daa9ef334bd126abe6253931f733640fbf7df5d2c172b1183b7b70f3e
SHA1 hash: 40d11c93cff728d8dc1d78854f46088c6dbda213
MD5 hash: ffbdfa555d598ee72cbdebd6470aff0b
humanhash: paris-arkansas-ohio-magnesium
File name: c.sh
Signature: Mirai
File size: 718 bytes
First seen: 2025-11-15 21:15:48 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3DLi3NNIl5wu0LKJVOY2e6xNMeoSwZtiFvzzvBU:3J3P0NI7KKLFSGHtUO
TLSH: T14C0175AC2AE1237B1624DF1CA067C0C970018DC635B15B19E4EA6FF498D9305BE1427E
Magika: txt
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 52
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-15T19:34:00Z UTC
Last seen: 2025-11-16T01:36:00Z UTC
Hits: ~10
Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-11-15 21:16:27 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
