MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfd32dc90daa92d9a5b31bb1d6bbe0f5c85803229d3e1a2f71534a3a07fc090e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: dfd32dc90daa92d9a5b31bb1d6bbe0f5c85803229d3e1a2f71534a3a07fc090e
SHA3-384 hash: 61054748535d78b5bd0996e1da9c6a9aae97ebda8f156c46fccbb0c8ffaf98c4f8dc13c2b5e20df1115e7cc1ef4c2aae
SHA1 hash: 2edbecc80de107ce3459b4fc29a0d54b198edc58
MD5 hash: f07c2c387918ed608d48cbca00dd4f6c
humanhash: alpha-shade-coffee-pennsylvania
File name: abc1.sh
Signature: Mirai
File size: 707 bytes
First seen: 2026-02-17 17:12:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3X1eLqQXcjQXiNIl5zAQXP0LKjQXuOsQXiCQXc/QX6cSEQXotaKAQXK/iAQXKK:3J3qaZNI7WKRT2bcZtBq/dhA
TLSH: T1BE011E8D2BE4B1879E0C9E08F16A821C7940A6C072B40D55F364B870D8DD210FCA8F7A
Magika: shell
Reporter: abuse_ch
Tags: mirai, sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Result
Gathering data
Status: terminated
Behavior Graph: [process graph not reproduced: /usr/bin/sudo executes /tmp/sample.bin, which repeatedly runs /usr/bin/curl, /usr/bin/chmod and /usr/bin/dash; the curl processes send data to 103.116.52.126:80]
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-02-17 16:45:08 UTC
File Type: Text (Shell)
AV detection: 7 of 36 (19.44%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh dfd32dc90daa92d9a5b31bb1d6bbe0f5c85803229d3e1a2f71534a3a07fc090e

(this sample)

  
Delivery method
Distributed via web download
