MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2d13dd11c8069f7d39e10fcc32ebb622079225b42e7ad984ec708d198ad5b5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: c2d13dd11c8069f7d39e10fcc32ebb622079225b42e7ad984ec708d198ad5b5f
SHA3-384 hash: c2a93ce60cf50fb585d7a4974db49a83b38a3ffd4eb1b20ebc532c79641177668c993105969b16fc4b29eb99d8f84a1f
SHA1 hash: 7cf84c30ab5068c999b29d0610fa4bf2bfb510aa
MD5 hash: 17d7636b04c7b8af36b40283c3766f17
humanhash: yellow-muppet-pizza-idaho
File name: netgear.sh
Signature: Mirai
File size: 253 bytes
First seen: 2025-08-01 12:40:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 6:SuUQN/JPSuUQN/iJPSuUQN/uNNIl56APSuUQN/Sa0LKiJPn:7/R/iR/6NIl56I/H0LKo
TLSH T1C5D02ECE701921D30A808E30F2228CC0D083D2C0A0B3B3C4E086CC3E8DB07A0301CEA8
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://66.63.187.141/arm | c7ce30048cff8cd281aae097b739ac1ec446aaa0eb48a746a6f03420e4b28076 | Gafgyt | 32-bit elf gafgyt Mozi |
| http://66.63.187.141/arm5 | 2153f7f0232ac7e9fb23ee4c50aabb18c7f32ff2653f213796fb55b3229aabf4 | Mirai | elf gafgyt mirai ua-wget |
| http://66.63.187.141/arm6 | 6062592a30f707d9cc1d5ba80dd76140736d28829df170f53a710bf182b83ce9 | Mirai | elf mirai ua-wget |
| http://66.63.187.141/arm7 | 8caac9e05312ee38e05a89b23e920a5901c4c88736db0b345e5184dbef7ce50b | Mirai | elf mirai ua-wget |

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2871) executes /tmp/sample.bin (pid 2882), which four times in turn executes /usr/bin/wget (net, send-data, write-file), executes /usr/bin/chmod and clones /usr/bin/dash. Each wget process sends 131 or 132 bytes to 66.63.187.141:80.
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-08-01 12:29:40 UTC
File Type: Text (JavaScript)
AV detection: 8 of 38 (21.05%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c2d13dd11c8069f7d39e10fcc32ebb622079225b42e7ad984ec708d198ad5b5f

(this sample)

  
Delivery method: Distributed via web download
