MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12d01e01d0c349b48eb243f3a8f524d1bb9a584f8b5ea240a50297e716df0f1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 12d01e01d0c349b48eb243f3a8f524d1bb9a584f8b5ea240a50297e716df0f1e
SHA3-384 hash: e8db74c93248084f2148bfbc69441b35e419713cdd90a4b160b1926494580592e0bfe2e3bdc84e60f7c91994702fbe7a
SHA1 hash: 65268e8801c34012fba8ab016eebaa62bee1a188
MD5 hash: b4e9c66c3100c911e758f449e4e1c74f
humanhash: diet-ceiling-alabama-avocado
File name: router.zyxel.sh
Signature: Mirai
File size: 1'337 bytes
First seen: 2025-08-19 19:13:17 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:Kr+60ErVLld6zErQ6CErQWzUf6KMrQTmz6KYErraOEd61rk6Zra6nryVd6tr/t/x:m05zmC8Uz4HbJzLht/e3J4zgIiJja
TLSH: T13621289EA85C710AB1F9CB01B813D7449F4DC5A79E902F01A78C7C36C7CED14F925A89
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-18 03:12:26 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
