MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcecfd3f685154861d529f149eb17eee4fedad92b5fec163fc2c20f25fe60922. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: bcecfd3f685154861d529f149eb17eee4fedad92b5fec163fc2c20f25fe60922
SHA3-384 hash: d423a74999bde0f4a717fd27b564b3645ce3fb51862e92925c29ac897c5b3326b4bcfad7acb5e8a9f58b4cbfa8f14575
SHA1 hash: d6426116803edaa1d09ba69117b4344789e90bf5
MD5 hash: da028458d3dfc15bcd8f0c5765ddb939
humanhash: lima-lithium-lactose-mockingbird
File name: c.sh
Signature: Mirai
File size: 1'965 bytes
First seen: 2025-09-14 12:26:10 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:ftpmbCpReLp4RwpmqcqppdU+p1i4pDEWkpmbvpEd1peDapZNUvpE+:ftpmbCpReLp4Rwpmqcqppm+p1i4pDEty
TLSH: T17A4101E525DA728DDF9F0C3D90457EF9148AFA8A3B1F4D68C28A207B74C6D025054EDB
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: text
First seen: 2025-09-14T10:04:00Z UTC
Last seen: 2025-09-14T10:04:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated

Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-09-14 12:57:50 UTC
File Type: Text
AV detection: 11 of 38 (28.95%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh bcecfd3f685154861d529f149eb17eee4fedad92b5fec163fc2c20f25fe60922

(this sample)

  
Delivery method: Distributed via web download
