MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5f10fa20347d09f880812bb6a3f6dddbe97f8593873d516b1b18061e91d4577. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: a5f10fa20347d09f880812bb6a3f6dddbe97f8593873d516b1b18061e91d4577
SHA3-384 hash: 865cb93ab745edf5f20a99cd700a5285348b9a1c5bb9831acdf1b8b83d74a26541bfde246f1749aa8e4eb098d881da2c
SHA1 hash: 46dfc4578a75f357168e1a7939f6b30c0810b350
MD5 hash: 6080a41b5ca19b7e6de48c0a4d4526b4
humanhash: west-social-ack-coffee
File name: c.sh
Signature: Mirai
File size: 325 bytes
First seen: 2026-05-01 18:42:50 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:3J3DdihdLVqpDdih7Fa0LKiSGSDdih3kI8Ddih3HWXL7DdihDanIHn:3J3u90pu7c0LKWSuz8u6uRHn
TLSH: T1C9E04FE8A07127839510AF00F867C2599503EAD814E11A24A5A5346DC7BC2003D6025E
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://208.84.100.209/arm5 | 8bbf0d368ac691acc6c185edcadf658e332120f218fc421dcc140fa29cd24e80 | Mirai | elf mirai ua-wget
http://208.84.100.209/arm7 | f94e7cf6e5f9005f3579e5373d049e417297e4cc267c41e2c63d2a2126552b5c | Mirai | elf mirai ua-wget
http://208.84.100.209/mips | cd12071a4e39313ed81a386235286ea95a3ce8551087a8058f231995ea217f54 | Mirai | elf mips mirai ua-wget
http://208.84.100.209/mipsel | 404407084230856208e5d1ab6ce7bdcd36addc5b05759fe4edc65238a01823f9 | Mirai | elf mirai ua-wget
http://208.84.100.209/x86 | 2e6ff09733af439cf1b67b91d5919942527efe946729e36c096413a44c37d024 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 50
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-05-01T15:50:00Z UTC
Last seen: 2026-05-02T00:23:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-05-01 18:43:53 UTC
File Type: Text (Shell)
AV detection: 6 of 23 (26.09%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh a5f10fa20347d09f880812bb6a3f6dddbe97f8593873d516b1b18061e91d4577

(this sample)

  
Delivery method: Distributed via web download
