MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb86434907dc86071af8122bb77f81ad1e3ee6934397aa43f77af62a988406b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	bb86434907dc86071af8122bb77f81ad1e3ee6934397aa43f77af62a988406b9
SHA3-384 hash:	1a3aa44c4592d802417f19abdd143add703a0db0f04c02f146ec5ee83859ff717ac35c90199d288e0629541e86b6d2ac
SHA1 hash:	7d41ec916c400b7a852823f5248871511bfe076b
MD5 hash:	bda31a5a948d30f0ab0c88fb73bc771e
humanhash:	july-enemy-item-west
File name:	curl.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	858 bytes
First seen:	2025-06-20 11:01:48 UTC
Last seen:	2025-06-21 09:32:29 UTC
File type:	sh
MIME type:	text/plain
ssdeep	24:3J3McsVkcs5PcsZNIqKcsMKxhcsAFcsAEcsAoycsIRv/WRCcsD1xTcsXmcsBf:qdVkd5PdFKdMShdAFdAEdAoydIlWcdLw
TLSH	T1F611CE9C1095724A5B2DCFCBB35D8B086A40CAE4B4FDDAB5FA344832849F110B028B1B
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

63

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL

Alert

Create hunting rule

Sanesecurity.Malware.30762.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Malicious

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68553fd696ffdc312d1b16a1linux22vpnfull_triage

Tags:

downloader trojan agent

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68553fdacf2af15711131b69/reports/f35f2345-7fb9-4146-b204-1121c1d724d3/overview

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/f7136f30-ee07-4b52-b99f-2b1c7bbbb54c

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/bb86434907dc86071af8122bb77f81ad1e3ee6934397aa43f77af62a988406b9

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bb86434907dc86071af8122bb77f81ad1e3ee6934397aa43f77af62a988406b9/

Neiki Malicious

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/bb86434907dc86071af8122bb77f81ad1e3ee6934397aa43f77af62a988406b9

ReversingLabs TitaniumCloud Linux.Worm.Mirai

Threat name:

Linux.Worm.Mirai

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-06-20 11:03:20 UTC

File Type:

Text (Shell)

AV detection:

13 of 24 (54.17%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xodegsih3sdaogxyciv3o74bvupd5zutiol2uq7xpl3cvgeea24q._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250620-m5dmeahk61/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/bb86434907dc86071af8122bb77f81ad1e3ee6934397aa43f77af62a988406b9