MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf60d99140ca4dd4ebea02896e8983a6f15b709f6102df86309a32098d0fb1d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: cf60d99140ca4dd4ebea02896e8983a6f15b709f6102df86309a32098d0fb1d8
SHA3-384 hash: 400663b953d36cf1e3b7b464581b80109d1c14f8b2df2b811ff3aebb9cf7a6df40e429a9c2ef422f516f28e06751f071
SHA1 hash: de4838e3e48498ed23cb24ba91aaa8840fcd4c5f
MD5 hash: 7547fa723220757831b318136abc2035
humanhash: white-fix-magazine-lion
File name: w.sh
Signature: Mirai
File size: 802 bytes
First seen: 2025-06-26 10:08:57 UTC
Last seen: 2025-06-26 21:53:22 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:euDbL4mxNIl5Zif0LKcSgOxVHoagkSZFtfUfHa1Djv:X/L5NI73KPgKIafqt8P+jv
TLSH: T100019EDD64B557710548CD08E16FCA6C640A8EC022808FED6D8C1A7A79DEF207126B48
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 80
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-06-26 10:09:30 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
