MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7349c1c7cbbc2301730c54109ecf0a670b11570455d3ddb089b391e24b4e165. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: c7349c1c7cbbc2301730c54109ecf0a670b11570455d3ddb089b391e24b4e165
SHA3-384 hash: c86f0e65099008f0c3f15542d7286051c0a7148f9d6f9917e53344f3555ad9e3e5736a53d7e7488571f2172405bf297a
SHA1 hash: 8791a2c8a547a7e17876d39ef3c0bdff1a39a52a
MD5 hash: a95ef7e5252d46e004d337719af1bc7c
humanhash: fish-bacon-harry-nuts
File name: w.sh
Signature: Mirai
File size: 930 bytes
First seen: 2025-10-05 06:36:50 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:ml+Y7fNI76HKqO+Im7jh1T5qlOTtF8ON7ln:ml+Y7+6HdTIm7lR5Pv8Ohl
TLSH: T1AA1146DD17B160A109894DE470618818B02D9BC273608F6E5DAF08F2E9DAF147A37F6C
Magika: asm
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 47
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive exploit mirai
Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-04 23:24:10 UTC
File Type: Text (Shell)
AV detection: 16 of 37 (43.24%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
