MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2a3fa80b8f472410b5ae5e36c8b9b451de01eeed131f28182241ab3d07197f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: c2a3fa80b8f472410b5ae5e36c8b9b451de01eeed131f28182241ab3d07197f9
SHA3-384 hash: ec63ce355b605b53561d88bdcd79ce2f9f6568b0d8007bf611d3064550b7c34b5b42d72038188d06fd0013ea2bf3cfd3
SHA1 hash: 634664f345128b02e3c012b49ef7359f2fba93d8
MD5 hash: aac67cada56bbabbd43781388c15bc27
humanhash: indigo-jupiter-north-saturn
File name: busybox.sh
Signature: Mirai
File size: 957 bytes
First seen: 2025-06-20 11:51:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:jcsVmDcs55DcsZNIqcDcsMKxzDcsAvDcsAGDcsAoUDcsIRv/WREDcsD1xlDcsXg2:jdVmDd55DdFcDdMSzDdAvDdAGDdAoUDo
TLSH: T15911B6DE1098B144499DCFC772198A187B44CFE4B4D99FFD6E6C8872A19A9247129F0C
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-06-20 11:52:26 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c2a3fa80b8f472410b5ae5e36c8b9b451de01eeed131f28182241ab3d07197f9

(this sample)

Delivery method: Distributed via web download
