MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84
SHA3-384 hash:	3ff5ff671e7ee794f471daf97a8ac048db1976e71f9ada516c75175fc7116cbe01de2b7a4bf7e882aa190bf37c95c946
SHA1 hash:	aa9986b6df86f5b36f36afc45868b26950e3cbb8
MD5 hash:	22086b50a950e8c8a289b43aba5ee4a9
humanhash:	arkansas-timing-king-violet
File name:	t
Download:	download sample
Signature	Mirai Create hunting rule
File size:	796 bytes
First seen:	2025-12-13 08:55:27 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:3s6wZjYNX8jYtXNyHe05X8jYPQ8jNSYeJBV8jKpB8jYb+8j6v:3KZjfKX65AStemKpauJE
TLSH	T116012FCD125473EEC5888E0EB6934F9814544ACF5D8B1FCC7A8C5C269784E54B834B68
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://103.146.122.62/arm	32d8f4119792137a9269a36fb23f84aab73f9a932ad897af6655135102e97409	Mirai	32-bit elf mirai Mozi
http://103.146.122.62/arm5	5f139b155ce959a8f2a74f795da448b2a8705f1b00cea3da1ca85b7c977899be	Mirai	elf mirai ua-wget
http://103.146.122.62/arm7	c758c08c9126d55348c337ee1b3a6eb90e68e3ffc1ad5ceb9f969faee80b2c0b	Mirai	elf mirai ua-wget
http://103.146.122.62/mips	e5c711d405d623a59b267cd234e56b4cbdeb15206b7fc37ed394e64f7762e751	Mirai	32-bit elf mirai Mozi
http://103.146.122.62/mpsl	b2495ee300355d0d9e93340929e9a7de0bcffbf95e6aff5b98f09b3f9fe1c7b6	Mirai	elf gafgyt mirai ua-wget
http://103.146.122.62/arc	376195291aabab3e3bb96a19bd4ada7197cc503f1a2cc43e6ff3a7c45a9e9f83	Mirai	elf gafgyt mirai ua-wget
http://103.146.122.62/aarch64	8e2d51bcd5fdc794dc465645e1997dbe577d8244a7b2a4f40c2757760f50b207	Mirai	elf gafgyt mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Linux.Downloader-36.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox expand lolbin mirai

Link:

https://www.filescan.io/uploads/693d4d9964bd958a5210eb47/reports/e7888ab9-4fa0-433c-aa9d-582c1ec73374/overview

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Agent

Link:

https://www.hybrid-analysis.com/sample/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

Verdict:

Malicious

File Type:

text

First seen:

2025-12-13T06:38:00Z UTC

Last seen:

2025-12-14T00:48:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p

Link:

https://opentip.kaspersky.com/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/98e2c61c-2990-4cfb-858e-eb44b1476a53

Score:

93%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

Threat name:

Document-HTML.Trojan.Heuristic

Status:

Malicious

First seen:

2025-12-13 08:50:27 UTC

File Type:

Text (Shell)

AV detection:

12 of 38 (31.58%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zafq5nwjfeczp4uthdshrb363sljnlgk3ouvanqpget7cg5dhoca._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251213-nkpplsyqa1/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c80b0eb6c9290597f29338e478877edc9696accadba950360f3127f11ba33b84

(this sample)

Mirai

elf ad0a12ded3a61912d0c59ec08acb4f81a45a965a65d2fb4a4694356c748b7ee4

URLhaus

https://urlhaus.abuse.ch/url/3732882/

Delivery method

Distributed via web download

Dropping

MD5 f8870e4187ee8580c743e3f0cb4de455

Dropping

SHA256 ad0a12ded3a61912d0c59ec08acb4f81a45a965a65d2fb4a4694356c748b7ee4

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample