MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c11e0cc976cfab67b4fc5a41c3023b632e1135dd086a8c0b6cbd1ed6833e7445. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: c11e0cc976cfab67b4fc5a41c3023b632e1135dd086a8c0b6cbd1ed6833e7445
SHA3-384 hash: be22d982e298e5c6a24e64e37a0535bd92a70b20667d74baa6593397e922d000db2b37c668c5f9c25c6ee2ec086b9830
SHA1 hash: cbb7c460184ba38cf62de625ec68e4371dd901d4
MD5 hash: a556746cad55b53431c2e79704fb4e85
humanhash: kansas-skylark-delta-muppet
File name: c.sh
Signature: Mirai
File size: 661 bytes
First seen: 2026-01-01 18:48:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3UUlxjJUUneKlCpJUUTiKl2pJUUcJUU+JUUm9jJUUzFG10jJUUwYhJUUkb4JUb:3J3VxjrlCpkKlk2kApmk1FuR
TLSH: T1BD0146EA54F75D53D368CF4DB0BA842D9001D0C97EB2DEA4D83805345DC75496025AB7
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: text
First seen: 2026-01-01T15:53:00Z UTC
Last seen: 2026-01-03T08:32:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2026-01-01 18:48:11 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
