MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cbaedf7d0d0ee3db5db88bb31bad3143435b91490675222d11168127d9dac6ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cbaedf7d0d0ee3db5db88bb31bad3143435b91490675222d11168127d9dac6ad
SHA3-384 hash: 8a69d7f65c392b978095cddb2abfd42df0e39513baec6bc7873922eeedace2f6786c5b4790aec9f23f28cdb7e978cc0d
SHA1 hash: 60f5f297ced434c12db8de00736a797076c645e2
MD5 hash: 51c372b75a7e84795055d68df13e8504
humanhash: yankee-bluebird-romeo-sixteen
File name:avtech.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:715 bytes
First seen:2025-06-26 10:14:56 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:NLGEULnWKDbnPZw5ZMoOF7+MB05L73Nvx73NMDNkv73WyTx73WygDNkx:sEUSIbK5zOt+MB0hZpZmkv1ikx
TLSH T1D6014CCE61A2DC619C530CEA7552491DB8CED5D926CB8EC8A1CD0076E49DD087192F59
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://158.51.126.131/armv5l506a3e39a46d0e6d13ba89dd5a6fe2aa81c5122db15742d4ce509a3c0738ff01 Miraielf gafgyt mirai ua-wget
http://158.51.126.131/armv7l69c12ce6f569adfaa217f1ebd365b727e3d2f882f22ef10169c8dc7ad3a05f4e Miraielf gafgyt mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.32150.LX.BOT.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
89.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=685d1de2b06783b9ebd7ffe1linux22vpnfull_triage
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
busybox
Link:
https://www.filescan.io/uploads/685d1ddc45e80b29f89f4600/reports/0a1e0e9e-ab43-4ba1-a0f8-1187a750f5d2/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/44832c03-4b42-4025-aa99-d85b0b4c3598
Behavior Graph:
Download SVG
%3 guuid=93dbf7fb-1700-0000-9a7a-4937630c0000 pid=3171 /usr/bin/sudo guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174 /tmp/sample.bin guuid=93dbf7fb-1700-0000-9a7a-4937630c0000 pid=3171->guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174 execve guuid=77de18fe-1700-0000-9a7a-4937670c0000 pid=3175 /usr/bin/dash guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=77de18fe-1700-0000-9a7a-4937670c0000 pid=3175 clone guuid=add058ff-1700-0000-9a7a-49376e0c0000 pid=3182 /usr/bin/rm delete-file guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=add058ff-1700-0000-9a7a-49376e0c0000 pid=3182 execve guuid=16c391ff-1700-0000-9a7a-4937700c0000 pid=3184 /usr/bin/rm delete-file guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=16c391ff-1700-0000-9a7a-4937700c0000 pid=3184 execve guuid=bb6dccff-1700-0000-9a7a-4937720c0000 pid=3186 /usr/bin/rm delete-file guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=bb6dccff-1700-0000-9a7a-4937720c0000 pid=3186 execve guuid=16fe0500-1800-0000-9a7a-4937740c0000 pid=3188 /usr/bin/dash guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=16fe0500-1800-0000-9a7a-4937740c0000 pid=3188 clone guuid=c04a7100-1800-0000-9a7a-4937770c0000 pid=3191 /usr/bin/dash guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=c04a7100-1800-0000-9a7a-4937770c0000 pid=3191 clone guuid=3772b200-1800-0000-9a7a-49377a0c0000 pid=3194 /usr/bin/dash guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=3772b200-1800-0000-9a7a-49377a0c0000 pid=3194 clone guuid=142c382d-1800-0000-9a7a-4937a50c0000 pid=3237 /usr/bin/chmod guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=142c382d-1800-0000-9a7a-4937a50c0000 pid=3237 execve guuid=4936be2d-1800-0000-9a7a-4937a60c0000 pid=3238 /usr/bin/dash guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=4936be2d-1800-0000-9a7a-4937a60c0000 pid=3238 clone guuid=d656fc2e-1800-0000-9a7a-4937a80c0000 pid=3240 /usr/bin/dash guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=d656fc2e-1800-0000-9a7a-4937a80c0000 pid=3240 clone guuid=2d7b325a-1800-0000-9a7a-4937dd0c0000 pid=3293 /usr/bin/chmod guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=2d7b325a-1800-0000-9a7a-4937dd0c0000 pid=3293 execve guuid=8f18a45a-1800-0000-9a7a-4937df0c0000 pid=3295 /usr/bin/dash guuid=2e85bffd-1700-0000-9a7a-4937660c0000 pid=3174->guuid=8f18a45a-1800-0000-9a7a-4937df0c0000 pid=3295 clone guuid=17db22fe-1700-0000-9a7a-4937680c0000 pid=3176 /usr/bin/cat guuid=77de18fe-1700-0000-9a7a-4937670c0000 pid=3175->guuid=17db22fe-1700-0000-9a7a-4937680c0000 pid=3176 execve guuid=089f2efe-1700-0000-9a7a-4937690c0000 pid=3177 /usr/bin/grep guuid=77de18fe-1700-0000-9a7a-4937670c0000 pid=3175->guuid=089f2efe-1700-0000-9a7a-4937690c0000 pid=3177 execve guuid=057a34fe-1700-0000-9a7a-49376a0c0000 pid=3178 /usr/bin/grep guuid=77de18fe-1700-0000-9a7a-4937670c0000 pid=3175->guuid=057a34fe-1700-0000-9a7a-49376a0c0000 pid=3178 execve guuid=a8bc3afe-1700-0000-9a7a-49376b0c0000 pid=3179 /usr/bin/grep guuid=77de18fe-1700-0000-9a7a-4937670c0000 pid=3175->guuid=a8bc3afe-1700-0000-9a7a-49376b0c0000 pid=3179 execve guuid=347640fe-1700-0000-9a7a-49376c0c0000 pid=3180 /usr/bin/cut guuid=77de18fe-1700-0000-9a7a-4937670c0000 pid=3175->guuid=347640fe-1700-0000-9a7a-49376c0c0000 pid=3180 execve guuid=c1000c00-1800-0000-9a7a-4937750c0000 pid=3189 /usr/bin/cp write-file guuid=16fe0500-1800-0000-9a7a-4937740c0000 pid=3188->guuid=c1000c00-1800-0000-9a7a-4937750c0000 pid=3189 execve guuid=ce917700-1800-0000-9a7a-4937780c0000 pid=3192 /usr/bin/chmod guuid=c04a7100-1800-0000-9a7a-4937770c0000 pid=3191->guuid=ce917700-1800-0000-9a7a-4937780c0000 pid=3192 execve guuid=31feb800-1800-0000-9a7a-49377c0c0000 pid=3196 /usr/bin/wget net send-data write-file guuid=3772b200-1800-0000-9a7a-49377a0c0000 pid=3194->guuid=31feb800-1800-0000-9a7a-49377c0c0000 pid=3196 execve 2beca644-24da-5e18-bc49-c06b8c4a111d 158.51.126.131:80 guuid=31feb800-1800-0000-9a7a-49377c0c0000 pid=3196->2beca644-24da-5e18-bc49-c06b8c4a111d send: 135B guuid=f0450d2f-1800-0000-9a7a-4937a90c0000 pid=3241 /usr/bin/wget net send-data write-file guuid=d656fc2e-1800-0000-9a7a-4937a80c0000 pid=3240->guuid=f0450d2f-1800-0000-9a7a-4937a90c0000 pid=3241 execve guuid=f0450d2f-1800-0000-9a7a-4937a90c0000 pid=3241->2beca644-24da-5e18-bc49-c06b8c4a111d send: 135B
Score:
94%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/cbaedf7d0d0ee3db5db88bb31bad3143435b91490675222d11168127d9dac6ad
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cbaedf7d0d0ee3db5db88bb31bad3143435b91490675222d11168127d9dac6ad/
Threat name:
Linux.Downloader.SAgnt
Create hunting rule
Status:
Malicious
First seen:
2025-06-26 10:15:53 UTC
File Type:
Text (Shell)
AV detection:
9 of 24 (37.50%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zoxn67inb3r5wxnyrozrxljrinbvxekjaz2selirc2aspwo2y2wq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250626-man5naaq7s/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cbaedf7d0d0ee3db5db88bb31bad3143435b91490675222d11168127d9dac6ad

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh cbaedf7d0d0ee3db5db88bb31bad3143435b91490675222d11168127d9dac6ad

(this sample)

Mirai

elf ee2120946ac5ee74090a094d9d409e22f994ce64e8f6661e2b17b9f11ff990fd

  
URLhaus
https://urlhaus.abuse.ch/url/3569763/
  
Delivery method
Distributed via web download
  
Dropping
MD5 4cfcb3391415ec9d0f08a413aafdbeba
  
Dropping
SHA256 ee2120946ac5ee74090a094d9d409e22f994ce64e8f6661e2b17b9f11ff990fd

Comments