MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487
SHA3-384 hash:	5309928dc8646039f257cabde2c6c9de8718ad3259490039e3025468352baeb89e1ee210fea78e1ec2df26586125b44e
SHA1 hash:	edb24d8065432af1f7a36473311646f951dd3860
MD5 hash:	55116c2440648b887efa4d47f73caade
humanhash:	sweet-alanine-missouri-potato
File name:	curl.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	772 bytes
First seen:	2025-09-14 11:36:56 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:3J3UVFwpUVBhuUVXTFpUVJkUVIoDUZ9qTC4SUZ8LhZULU5jthn:3J3IFdBhFXTUJbBWqTC42h3n
TLSH	T13601C89CD1D2BCB3912C9E38F962428F1042D1CEA9BB8BD2ED31142B88E3D4021D4A66
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://158.94.209.216/arc	ee9180bd2b165795dfaaf5d6de60148d34353c66373cc322e49eaf532de435f9	Mirai	elf mirai
http://158.94.209.216/arm	14883298489d57b2242533f561769e8f21737126e8560c4b9955dc701478c23e	Mirai	32-bit elf mirai Mozi
http://158.94.209.216/arm5	82ee72be70e8dce122910449268514083943892258ea9b9d21068e03286d03f8	Mirai	elf mirai
http://158.94.209.216/arm6	57a6ba282a2ffad3469d83844906606272225fdaeb15c2e2043a11978240de4b	Mirai	elf mirai
http://158.94.209.216/arm7	5a469ba94c55f39fdf0656a0a1b98c988d699569397587d8e1141a0d928b9eea	Mirai	elf mirai
http://158.94.209.216/mips	77637c28bd5ccda2ad3c90c2d34e879fa7e10f1abe04520e5bda11cd7ed69c8e	Gafgyt	32-bit elf gafgyt Mozi
http://158.94.209.216/mpsl	afe59ccdfac00527b2983101bc1e5d91361609b4753962e0cb2cc890b8a35d2f	Gafgyt	elf gafgyt
http://158.94.209.216/ppc	a8de55bad2e1d7f6821139880b74b7345a242dd8f6296f626cdceb07d5f5742e	Mirai	elf mirai
http://158.94.209.216/sh4	71cf2bcec3f927abc59bb4a57e950a1685ce005380b6a2e3dad891788828dc07	Gafgyt	elf gafgyt mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL

Verdict:

Malicious

File Type:

text

First seen:

2025-09-14T09:20:00Z UTC

Last seen:

2025-09-14T09:20:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/2a58ef1b-dd10-4fae-a0c3-f650fbac6354

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-09-14 11:31:34 UTC

File Type:

Text (Shell)

AV detection:

12 of 38 (31.58%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7pbg5uq7b5qsh7intcbhz5rqklauwn5hocwtc6bel57ocuavssdq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250914-nt5r7avxcv/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh fbc26ed21f0f6123fd0d98827cf63052c14b37a770ad3178245f7ee150159487

(this sample)

elf 295bc2ac0bde4ab7ddf579004efe82a356444663256fd2d36f75d7dd4d893e9f

URLhaus

https://urlhaus.abuse.ch/url/3623698/

Delivery method

Distributed via web download

Dropping

MD5 a1d764f3852be2b729bdc606e2f7b143

Dropping

SHA256 295bc2ac0bde4ab7ddf579004efe82a356444663256fd2d36f75d7dd4d893e9f

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample