MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cda02c8e7b9dc9c9c0901ba9c06c62ebacbbcccb3b0ac8bdd1c9d3c23adb4a03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: cda02c8e7b9dc9c9c0901ba9c06c62ebacbbcccb3b0ac8bdd1c9d3c23adb4a03
SHA3-384 hash: 81e8af6f752e9bee79b1948a69f79fc728d41a39a81223b7587e16dafcef8450cbb5cf8d1f907345f0794fc1d75c871a
SHA1 hash: 15c8e7d60afad8da5a0061f8cde7f7dafd7369e5
MD5 hash: 8ec922dd4bf613ce60cfead7c1efe7f0
humanhash: cold-sink-glucose-october
File name: c.sh
Signature: Mirai
File size: 1'143 bytes
First seen: 2025-08-11 17:43:53 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3FENv+dJNnia8ZLQkDj+JyMl8OGkUMPXioWxzodHA:i+dJNia8ZLQkDj+Jy6QkpPXioWxzodg
TLSH: T1F421D58D12A9D2D25E1ECD26B0DA41697D4CC1C031749EB5F29A89B198C870230BCFF5
Magika: txt
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-08-11 17:44:22 UTC
File Type: Text
AV detection: 14 of 38 (36.84%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh cda02c8e7b9dc9c9c0901ba9c06c62ebacbbcccb3b0ac8bdd1c9d3c23adb4a03

(this sample)

  
Delivery method
Distributed via web download

Comments