MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc703b31bb73328e252f90ac8a40c92fe6fcfa8539b8847d916d026618d83409. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: fc703b31bb73328e252f90ac8a40c92fe6fcfa8539b8847d916d026618d83409
SHA3-384 hash: 84bbabcfa0b527a826023eaaf9409945c63c3485d5a745d2d82861ea4a694652fe85be8e9932aa7b1d8273a10fee7554
SHA1 hash: 17020e87a6b5ecf2991d06668cf98a61686371a9
MD5 hash: c0467f0633c4d0ff0e59264ee7e668d1
humanhash: west-bravo-butter-ink
File name: chomp
Signature: Mirai
File size: 158 bytes
First seen: 2025-12-05 18:22:00 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:LxAjtyg/w8NBzSa+ANja8PeFKRDxAjtyg/pONBzSa5Ap9MVv:LA5/wkPjNaKDA5/My+Vv
TLSH: T1B5C08CBE002F2241C100FE1020B9301EB273CBC730B08B0A92C83833F48C420B232E01
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.64/splmips | 633397cf2ca1b26757c7f32fe2e980ea66f783becff9455e11ded00b20032417 | Mirai | elf mirai ua-wget
http://213.209.143.64/splmpsl | 61d0e0c8b1e9fdf341c8bbaacc50fe6cc5c5f73d4b7cb0f80808e6fedbf70d3c | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 21
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-05T17:00:00Z UTC
Last seen: 2025-12-06T15:27:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid=3064)
  execve -> /tmp/sample.bin (pid=3072)
    execve -> /usr/bin/wget (pid=3074) [net, send-data, write-file]; send: 136B -> 213.209.143.64:80
    execve -> /usr/bin/chmod (pid=3088)
    clone -> /usr/bin/dash (pid=3090)
    execve -> /usr/bin/wget (pid=3096) [net, send-data, write-file]; send: 136B -> 213.209.143.64:80
    execve -> /usr/bin/chmod (pid=3109)
    clone -> /usr/bin/dash (pid=3112)
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-05 18:33:24 UTC
File Type: Text (Shell)
AV detection: 3 of 24 (12.50%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh fc703b31bb73328e252f90ac8a40c92fe6fcfa8539b8847d916d026618d83409

(this sample)

  
Delivery method: Distributed via web download
