MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84
SHA3-384 hash:	3ff5ff671e7ee794f471daf97a8ac048db1976e71f9ada516c75175fc7116cbe01de2b7a4bf7e882aa190bf37c95c946
SHA1 hash:	aa9986b6df86f5b36f36afc45868b26950e3cbb8
MD5 hash:	22086b50a950e8c8a289b43aba5ee4a9
humanhash:	arkansas-timing-king-violet
File name:	t
Download:	download sample
Signature	Mirai Create hunting rule
File size:	796 bytes
First seen:	2025-12-13 08:55:27 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:3s6wZjYNX8jYtXNyHe05X8jYPQ8jNSYeJBV8jKpB8jYb+8j6v:3KZjfKX65AStemKpauJE
TLSH	T116012FCD125473EEC5888E0EB6934F9814544ACF5D8B1FCC7A8C5C269784E54B834B68
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://103.146.122.62/arm	45168bc663329c3b1d883b83a59fe84f08b6e01895c37144ddfa9156bea3eaee	Mirai	32-bit elf mirai Mozi
http://103.146.122.62/arm5	c081b0cb0bf6317b1c5a57c3c6c821afc9656185960865bece92b13f5da8817a	Mirai	elf mirai ua-wget
http://103.146.122.62/arm7	25d009b54cc805f0e3f69e011da81239bfb6422877c1574d62e0fbc988eab49a	Mirai	elf mirai ua-wget
http://103.146.122.62/mips	a04ede576aa16c227ad500289a8c66fdd19fdbff2697ece9a24705418b42b9e0	Mirai	32-bit elf mirai Mozi
http://103.146.122.62/mpsl	25f528c64b08f744661e0a347d6f8152fa9b76e2f62f42c2351539186cc1dcde	Gafgyt	elf gafgyt mirai ua-wget
http://103.146.122.62/arc	b6ee760b9fbfe272a0013850886a8e4e0b4fd824fb44b2a038ce187e8126dece	Mirai	elf mirai ua-wget
http://103.146.122.62/aarch64	69008b5e7815c51d3b6d26bb29ebdd82057ee1c853b0368111bd47a3f145ba5f	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Linux.Downloader-36.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox expand lolbin mirai

Link:

https://www.filescan.io/uploads/693d4d9964bd958a5210eb47/reports/e7888ab9-4fa0-433c-aa9d-582c1ec73374/overview

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Agent

Link:

https://www.hybrid-analysis.com/sample/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

Verdict:

Malicious

File Type:

text

First seen:

2025-12-13T06:38:00Z UTC

Last seen:

2025-12-14T00:48:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p

Link:

https://opentip.kaspersky.com/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/98e2c61c-2990-4cfb-858e-eb44b1476a53

Score:

93%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

Threat name:

Document-HTML.Trojan.Heuristic

Status:

Malicious

First seen:

2025-12-13 08:50:27 UTC

File Type:

Text (Shell)

AV detection:

12 of 38 (31.58%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zafq5nwjfeczp4uthdshrb363sljnlgk3ouvanqpget7cg5dhoca._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251213-nkpplsyqa1/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

(this sample)

Mirai

elf ad0a12ded3a61912d0c59ec08acb4f81a45a965a65d2fb4a4694356c748b7ee4

URLhaus

https://urlhaus.abuse.ch/url/3732882/

Delivery method

Distributed via web download

Dropping

MD5 f8870e4187ee8580c743e3f0cb4de455

Dropping

SHA256 ad0a12ded3a61912d0c59ec08acb4f81a45a965a65d2fb4a4694356c748b7ee4

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample