MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1212ccdb015645af6b3d2f8f1d23febf8a9ffb91c89f9c524898c83410394191. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 1212ccdb015645af6b3d2f8f1d23febf8a9ffb91c89f9c524898c83410394191
SHA3-384 hash: c586d367b167690537cea9685b3698a815333c30954b6a5e3b21c44cd73c9cbfff5c796f6369c528b7061340a269467c
SHA1 hash: 23c83c49e8f1254bb5c6f7c7ca23d5d5677ae042
MD5 hash: a1be7c65b1464958949915a59f965a93
humanhash: oxygen-michigan-undress-stream
File name: kla.sh
Signature: Mirai
File size: 5'173 bytes
First seen: 2026-03-07 08:08:10 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:2RKhEcfEnsTE11CxCCxk9BbTXfVpvHF5nPrZ:2M2
TLSH: T1B5B172C812A358747DF69E637169C924B8C9B182EDC58F81D0EDF4F9598CF08B941AB3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-03-07 08:08:23 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 1212ccdb015645af6b3d2f8f1d23febf8a9ffb91c89f9c524898c83410394191

(this sample)

  
Delivery method
Distributed via web download
