MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 043b3310415a40ca97c5b97712a89bcd7a8766bd5cad9280843302d9901bc24e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 043b3310415a40ca97c5b97712a89bcd7a8766bd5cad9280843302d9901bc24e
SHA3-384 hash: 5ef16b3fcf212344649f89dc18e1778dfa0f7002f4de2cbcf8f55d6fe9c5335b8a106a8ac388df712b0fce9736d1a345
SHA1 hash: 3aa023c59ef6f3afbe4a30e74fed0e1c31a74299
MD5 hash: e383123b4340119a59034e2adf4ba294
humanhash: mississippi-kentucky-sierra-johnny
File name: lol.sh
Signature: Mirai
File size: 3'874 bytes
First seen: 2025-11-26 09:43:33 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:It7sZSVJbR8scY4TvJVCMCLV828NIuHksb8K6wCszK4I+7vdYGsM:iwZydRRcY4TBYTL8Jq+zK4L7vdYGsM
TLSH: T1F7810A8D20425F7398ADAF62E26A948BB3576495C6CB9F06F9DC68F98048D1D7300BCD
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive medusa mirai

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-26T07:02:00Z UTC
Last seen: 2025-11-26T11:33:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: process tree and network-connection graph from the sandbox run (raw graph data not reproduced here)
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-26 09:44:14 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 043b3310415a40ca97c5b97712a89bcd7a8766bd5cad9280843302d9901bc24e (this sample)

Delivery method: Distributed via web download
