MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c060648d383a0964710369ad4c80cb8d3be1583cf30f4ceb99410262162266da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: c060648d383a0964710369ad4c80cb8d3be1583cf30f4ceb99410262162266da
SHA3-384 hash: c28df4bbb88d8aba08ccea08f5c91b410f04faa16e11cf431e10ab947b513786e4ba744d49a039a5d5d8bcf616d1d724
SHA1 hash: 44b1d17ec0cd707e561ab7afb368428e08c3ebab
MD5 hash: 4ed283bb0b0788af39858bbac97f26e3
humanhash: chicken-eighteen-uncle-december
File name: fc
Signature: Mirai
File size: 363 bytes
First seen: 2025-09-14 11:38:25 UTC
Last seen: 2025-09-15 11:27:11 UTC
File type: sh
MIME type: text/plain
ssdeep: 6:Ur1mDoS/T4ehFGaREmDoSyFIFw3KLFeKaREmDoSUHFehLeiDnSVICaKLKiZ4n:UJmMS/TLBREmMSt7YhREmMSUUUWSVIC0
TLSH: T137E020B3158C74F5F7E99511FB13D78555BE50C70D135D22D834D3965CA0C2408D4E60
Magika: txt
Reporter: abuse_ch
Tags: sh
URL: http://158.94.209.216/arm7
Malware sample (SHA256 hash): 5a469ba94c55f39fdf0656a0a1b98c988d699569397587d8e1141a0d928b9eea
Signature: Mirai
Tags: elf mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2841) execve /tmp/sample.bin (pid 2846); /tmp/sample.bin execve /usr/sbin/xtables-nft-multi (pids 2847, 2888, 2907, 2926), /usr/bin/wget (pid 2928; net, send-data, write-file; send: 133B to 158.94.209.216:80) and /usr/bin/chmod (pid 2950), and clone /usr/bin/dash (pid 2951).
Threat name: Script-BAT.Trojan.Heuristic
Status: Malicious
First seen: 2025-09-14 11:31:06 UTC
File Type: Text (Shell)
AV detection: 5 of 24 (20.83%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments