MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fce021d3d746aa9bbdfbabe382971f249bf957d9cfb28e78a07028745e607147. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: fce021d3d746aa9bbdfbabe382971f249bf957d9cfb28e78a07028745e607147
SHA3-384 hash: d6ff65c784dad361c34f091ed4da62a4d37cf4e739acdc02ce41757c690455b77de69b57090beb7b4dd66e716a417842
SHA1 hash: f9dff31ac2328c458f9237280209f72d67a37887
MD5 hash: 28bf4437e6125e42da3aabac42d3c459
humanhash: foxtrot-cardinal-island-mars
File name: c.sh
Signature: Mirai
File size: 723 bytes
First seen: 2026-01-13 02:39:00 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3UUOpUU6AUUiNIl5yUUP0LKFUUrMBMUUuOqUUAjIUUcRUUVSyUU5eTt4xUUWTI:3J3NbNI7pKAe1TDyt4csn
TLSH: T1F201ADACF4F7A543E6289E88F0F6806A9001C1C93DB3CD55E82D9C3948F75143054F6B
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2026-01-12T20:10:00Z UTC
Last seen: 2026-01-13T00:12:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Worm.Mirai
Status: Malicious
First seen: 2026-01-13 02:00:38 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
