MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf57c0542807f4bf6615fe7d34e9b1e965398ce33066cf04510a368f954f3874. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: cf57c0542807f4bf6615fe7d34e9b1e965398ce33066cf04510a368f954f3874
SHA3-384 hash: 318551433875c28922e659083e134ab94ad0fb7083a50e49f57a78659e3a544585b6112b94f3527c9e6be176e943c236
SHA1 hash: 68126e8248750ba7deb5f5c4c2fb13348952b9aa
MD5 hash: 5799a80056663ed164dd6ce6e724872b
humanhash: item-lake-pennsylvania-lactose
File name: c.sh
Signature: Mirai
File size: 712 bytes
First seen: 2026-01-22 12:23:08 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3WVH6C5WVHIeC5WVHjIWL5WVHyePC5WVH8Og5WVHaAF5WVH4Vo+C5WVHC35WVj:3J38ICiIeCKhnd2LVoPB387uCn
TLSH: T1E7012CDEA1A51FF197288F2CF973C02C600A94D1F6E705A8E26748388CE83057655BA7
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: text
First seen: 2026-01-22T09:53:00Z UTC
Last seen: 2026-01-22T10:44:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-01-22 12:23:22 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download

Comments