MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b85d83b714fe4bcd711ab77281258788dc5e1f513f9580dbfcf6b4ad6c1ad5d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: b85d83b714fe4bcd711ab77281258788dc5e1f513f9580dbfcf6b4ad6c1ad5d6
SHA3-384 hash: e8b25364d5ab950f710edd3514cc573d3ab40798cb233707d4f18a3cccfa7ecfbbfd93c2b4781042106372242cd7b3cb
SHA1 hash: 7c2b38df7ca1b13e58bf4c6aaf58655376a39975
MD5 hash: 98935bc730ef0e9acfb984aa757e6779
humanhash: rugby-angel-eleven-iowa
File name: curl.sh
Signature: Mirai
File size: 684 bytes
First seen: 2026-02-17 13:58:46 UTC
Last seen: 2026-02-18 03:40:49 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:bCjTfjTDbGj2Ij2tdJjRkkjRktjgHk5jgHkthFGjbogjbLc0LK27:b2H/bSzsdt3igHMgHghsT3fK27
TLSH: T131011EA864B2AE57E366CF04B9A237ADA019A1DC7CE6DFE4D02D1C59485B301B315B00
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://158.94.208.69/mips | 8da7611d1eea41efa82bf6e4c76f502677a4464f63f608536255a1c56140e59d | Mirai | elf geofenced mips mirai ua-wget USA
http://158.94.208.69/mpsl | e0c583ba57d7db5e75a042c850a8c82091026915e8de232c8143cde9e5bcc34d | Mirai | elf geofenced mips mirai ua-wget USA
http://158.94.208.69/arm4 | 5205d6ba7f178eef4f5bf57bed13f771baf0746d2508e936f0c065436daaeb2f | Mirai | arm elf geofenced mirai ua-wget USA
http://158.94.208.69/arm5 | 07dda2df14aba27bd8442744ce6833e521176a95805429b4195b9a534045d072 | Mirai | arm elf geofenced mirai ua-wget USA
http://158.94.208.69/arm7 | d58f2346469f40aabffd75c02c953fa036ea71bae80441cca37f2482d1f0635a | Mirai | elf mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 65
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3217) -> execve -> /tmp/sample.bin (pid 3223)
/tmp/sample.bin (pid 3223) spawns:
  execve /usr/bin/rm (pid 3224) [delete-file]
  execve /usr/bin/curl (pid 3227) [net, send-data, write-file]
  execve /usr/bin/chmod (pid 3253)
  clone /usr/bin/dash (pid 3254)
  execve /usr/bin/curl (pid 3256) [net, send-data, write-file]
  execve /usr/bin/chmod (pid 3294)
  clone /usr/bin/dash (pid 3295)
  execve /usr/bin/curl (pid 3299) [net, send-data, write-file]
  execve /usr/bin/chmod (pid 3332)
  clone /usr/bin/dash (pid 3333)
  execve /usr/bin/curl (pid 3335) [net, send-data, write-file]
  execve /usr/bin/chmod (pid 3354)
  clone /usr/bin/dash (pid 3356)
  execve /usr/bin/curl (pid 3358) [net, send-data, write-file]
  execve /usr/bin/chmod (pid 3393)
  clone /usr/bin/dash (pid 3395)
Network: each curl process (pids 3227, 3256, 3299, 3335, 3358) sends 81B to 158.94.208.69:80
Threat name: Linux.Trojan.Multiverze
Status: Malicious
First seen: 2026-02-16 23:17:37 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b85d83b714fe4bcd711ab77281258788dc5e1f513f9580dbfcf6b4ad6c1ad5d6

(this sample)

  
Delivery method
Distributed via web download
