MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 236e422e0583d61fdb88f2503aa28f1fa6cc44a212fc610ad22e23fe31395156. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 236e422e0583d61fdb88f2503aa28f1fa6cc44a212fc610ad22e23fe31395156
SHA3-384 hash: 3f96a76026c2bfa941e38e48c26743a13de05c1480ba9a3a3784be27e5daf61a459824ca1ea6a4ba0e3e6c50bc47df7c
SHA1 hash: 7f27805fa05cb73eef56edb057e1b74ab49a5fae
MD5 hash: 6d4c51e9905085a95bf96e19d62331af
humanhash: jupiter-wolfram-arkansas-cup
File name: iot.sh
Download: download sample
Signature: Mirai
File size: 1'761 bytes
First seen: 2025-09-29 18:21:42 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:NaevlNa7Upj+NIAmziOF/D/hTMTmaS17fGSJA:NaevlNa7UpQmzf/D/lYmJxGSJA
TLSH: T11531E0C96321A331591BCF70B3AFC849E271D0E572850F5ABDD80CB2C88D645767AEB8
Magika: batch
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://161.97.149.138/systemcl/arc | 62fe11867609d9e615a9e4356e2770c1186cf083109c2aa6e06bd3273969246c | Mirai | elf mirai
http://161.97.149.138/systemcl/arm | 0aa6fd4f78bcee9f77a93153de85f0db4aa2e42464afcad9564ef46528697d44 | Mirai | 32-bit elf mirai Mozi
http://161.97.149.138/systemcl/arm5 | 4b3fafa6af227c69f3164a2b4f85e7024361a714347c7f691099ed80736916ab | Mirai | elf mirai
http://161.97.149.138/systemcl/arm6 | 899c7e47c4e8f921e14bed7dcca677ed995ead6369168433011cac67ef6e5a59 | Mirai | elf mirai
http://161.97.149.138/systemcl/arm7 | 527debaef309134677a1c3a450dc5aea1f3a2a6f742fad86a20c80274c749630 | Mirai | elf mirai
http://161.97.149.138/systemcl/m68k | b819a17fd9314f13890dce05291b4c14b40477f0546c7481b4c2af576928244e | Mirai | elf mirai
http://161.97.149.138/systemcl/mips | dc49d000be3daa749c372da39aad50bc49e8d944c7c868fb70b7d15e159d79d3 | Mirai | 32-bit elf mirai Mozi
http://161.97.149.138/systemcl/mpsl | c5da1b833565988e4bb1729244b07d55ff21148392a7143ff5aab70f43788d6b | Mirai | elf mirai
http://161.97.149.138/systemcl/ppc | dcd7d4b917223e33897da06b7fdb676d16aa4d7afc0276bb4525c275b0a45b10 | Mirai | elf mirai
http://161.97.149.138/systemcl/sh4 | n/a | n/a | elf ua-wget
http://161.97.149.138/systemcl/spc | n/a | n/a | elf ua-wget
http://161.97.149.138/systemcl/x86 | d167fe5abe306825e029bd799bb645048ccae15dca31ea4ac9fcb8b416142a3a | Mirai | 32-bit elf mirai Mozi
http://161.97.149.138/systemcl/x86_64 | d167fe5abe306825e029bd799bb645048ccae15dca31ea4ac9fcb8b416142a3a | Mirai | elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 40
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph (rendered process graph; the node and edge data it was built from is summarized here):
  /usr/bin/sudo (pid 3328) -> execve -> /tmp/sample.bin (pid 3332)
  /tmp/sample.bin repeatedly spawns /usr/bin/wget and /usr/bin/curl (net, send-data, write-file), /usr/bin/chmod (execve) and /usr/bin/dash (clone), then executes /tmp/sh4, /tmp/spc, /tmp/x86 (net) and /tmp/x86_64 (net)
  /tmp/x86 (pid 3708) and /tmp/x86_64 (pid 3810) each clone two children; one child per binary is flagged net, send-data, zombie
  Network endpoints: 161.97.149.138:80 (every wget and curl process; sends of 90 to 144 bytes each), 8.8.8.8:53 (connections from /tmp/x86, /tmp/x86_64 and their children), 87.121.84.117:61459 (38 byte send from the /tmp/x86 child, 46 byte send from the /tmp/x86_64 child)
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-09-29 18:00:36 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | Sample
Web download | Mirai | sh 236e422e0583d61fdb88f2503aa28f1fa6cc44a212fc610ad22e23fe31395156 (this sample)

Delivery method: Distributed via web download

Comments