MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3599acd7c1f672ac18367a9d42d68f8152e5acbfb331609805785a77f6bd765f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

SHA256 hash: 3599acd7c1f672ac18367a9d42d68f8152e5acbfb331609805785a77f6bd765f
SHA3-384 hash: 48d75d38f687f3aaae78c256c2a0788617b37c3e5e0bd0e7ef7107c1ce1af389d4823580a3e09d0059b3b3b437226ba1
SHA1 hash: 6f94e663cdc041a52112410b20192b53f4668566
MD5 hash: 24fca0c286778a7384198ab2236e556c
humanhash: emma-georgia-thirteen-delta
File name: dvr.sh
Signature: Mirai
File size: 1'048 bytes
First seen: 2025-08-07 15:55:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:jiZxCWlX2NI9kxQySKxEFWxRI4XGoBWbPjSW5RN5/WRyoxJgMhy99DBoy9YdQ9:u5lmNIqqKx6C1XfWRRv/WRlbk
TLSH: T19E1193CD106473600D39EDEA724ECC49A008CEE462D85FBDF66C4D33A1A5E21B535B1D
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://167.172.79.24/bot.arm | b476667858ae5fe2a20c429a8aa8ec77317efcc6ed1518a59a6e5c46c2deef73 | Mirai | elf mirai ua-wget
http://167.172.79.24/bot.arm5 | 99e3320167a65a6b624bdbd4f37b3e88e1ca1136de8279a5e633f2882a7f6542 | Mirai | elf mirai ua-wget
http://167.172.79.24/bot.arm6 | 0f44aede734dac096441ab104886b033b3dae64edec4401a0cc70361b88cde0b | Mirai | elf mirai ua-wget
http://167.172.79.24/bot.arm7 | 52a9ae86943bd25e03a6aa0575210689a187dd27162c0ed2eb9d8ac1d132ac7d | Mirai | 32-bit elf mirai Mozi
http://167.172.79.24/bot.i686 | n/a | n/a | elf ua-wget
http://167.172.79.24/bot.sh4 | a970b18515cfc26c6ccf68aae4b6465bb4bf0c02583973ea994c82c3063790e9 | Mirai | elf mirai ua-wget
http://167.172.79.24/bot.arc | n/a | n/a | elf ua-wget
http://167.172.79.24/bot.mips | 1d8a57c2af6fbc673862caadd357f7fbec4762fd41ac3a9906ad2f250389e487 | Mirai | 32-bit elf mirai Mozi
http://167.172.79.24/bot.mipsel | n/a | n/a | elf ua-wget
http://167.172.79.24/bot.powerpc | n/a | n/a | elf ua-wget
http://167.172.79.24/bot.sparc | n/a | n/a | elf ua-wget
http://167.172.79.24/bot.x86_64 | 82ab78602c8e9fba93ff8d67857fe577f91dd660918d7806c0e62898c3735bb9 | Mirai | elf mirai ua-wget
http://167.172.79.24/bot.x86_32 | n/a | n/a | elf ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph:
[Behavior graph image not reproduced; process and network nodes recoverable from the graph data:]
/usr/bin/sudo (pid 3198) execve -> /tmp/sample.bin (pid 3199)
/tmp/sample.bin (pid 3199) repeatedly execve -> /usr/bin/busybox (net, send-data, write-file; each instance sends 83 to 87 B to 167.172.79.24:80), execve -> /usr/bin/chmod, clone -> /usr/bin/dash
/tmp/sample.bin (pid 3199) execve -> /home/sandbox/bot.x86_64 (pid 4177; delete-file, net) con -> 167.172.79.24:53
/home/sandbox/bot.x86_64 (pid 4177) clone -> pid 4181 (dns, net, send-data, zombie): send 39 B -> 8.8.8.8:53, send 9 B -> botnetszx.duckdns.org:43957, con -> botnetszx.duckdns.org:53, clone -> pid 4182 /home/sandbox/bot.x86_64
/usr/bin/busybox (pid 4183; net) con -> 167.172.79.24:80
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-07 15:56:44 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 3599acd7c1f672ac18367a9d42d68f8152e5acbfb331609805785a77f6bd765f (this sample)

Delivery method: Distributed via web download

Comments