MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41a6981cdffee9e2c60d442bc92304457a2c3bbad5c17137596bdcdba074fbfb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6

SHA256 hash: 41a6981cdffee9e2c60d442bc92304457a2c3bbad5c17137596bdcdba074fbfb
SHA3-384 hash: d04bd3624ee61ef704165bfe4be4e34474d85d8c46271eb1b21aaa8c48f8e8c229ad8f2460a2fbf924ba2a3430093dcf
SHA1 hash: 6f179beed47541169083b66af671852f099be58e
MD5 hash: efc2367f2adf8ab0fb4920c0f0a5d909
humanhash: floor-avocado-maryland-triple
File name: c.sh
Signature: Mirai
File size: 1,042 bytes
First seen: 2025-12-21 01:49:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3GObkjIXlxNI5nI1rKDPUpCd+nfspCBCqCtuk2cx6yvYPTMuHR:4ekolAIxyPkCMnfMCIqCQk2u66goux
TLSH: T1D6115BCD2354D257DE0CDF4C7F9DA22CE654A7D4E5B08B20E8E5893C9A9C2093067F26
Magika: txt
Reporter: abuse_ch
Tags: sh
Dropped-binary URLs associated with this sample (URL, SHA256 of the fetched file, signature, tags). The twelve files are Mirai ELF builds for twelve CPU targets, all served from the same host, which is the usual shape of a Mirai multi-architecture downloader script: the script tries every build in turn and lets the ones that cannot run on the victim fail.

http://143.20.185.78/bins/frost.arm     8a6ddd16ceeec5a114f3e8319a225ce5f75cba9225d79855231de0b113472d1f  Mirai  arm elf geofenced mirai ua-wget USA
http://143.20.185.78/bins/frost.arm5    98e2d7934b42ebce6ecbdbf56fb8bb1c0335bab4dc8b644404b8d8b41a496543  Mirai  arm elf geofenced mirai ua-wget USA
http://143.20.185.78/bins/frost.arm6    30d1e33d231e28919cf36bf997a44965ad39c7f8dad59484906fd1e8e2826ed4  Mirai  arm elf geofenced mirai ua-wget USA
http://143.20.185.78/bins/frost.arm7    c9a4f7b1626cfc17d700850cf30703632e96354ae80b1c49532acb3b464d19ec  Mirai  arm elf geofenced mirai ua-wget USA
http://143.20.185.78/bins/frost.m68k    d265fd196d8c4113f2a52dd397cfd60d75c125983f944e4869adf929e78ce039  Mirai  elf geofenced m68k mirai ua-wget USA
http://143.20.185.78/bins/frost.mips    37c634fbfbfce823c3e25f381578336d285b49208ad9bb155493ab2b3923d23a  Mirai  elf geofenced mips mirai ua-wget USA
http://143.20.185.78/bins/frost.mpsl    881c736b0ef28f73fd09a7ed06dc6b4935f0a9e95bcd8ad05ed9bd022e3a4a7f  Mirai  elf mirai ua-wget
http://143.20.185.78/bins/frost.ppc     cf642a2210f02af51797257777169041c7d55d1558d030e36ce69d2321ff8601  Mirai  elf geofenced mirai PowerPC ua-wget USA
http://143.20.185.78/bins/frost.sh4     ab4454e6726ed09e3045755d53d4168e30b74fb5c3f2fb82d472789b65059075  Mirai  elf geofenced mirai SuperH ua-wget USA
http://143.20.185.78/bins/frost.spc     199380dcab2a4acf4d919972002884eff2d01a7e4f1b9228514bf187efef6ff6  Mirai  elf geofenced mirai sparc ua-wget USA
http://143.20.185.78/bins/frost.x86     eec7f66f18d53e7a73987d079bbea53d3cb060b83388fd0d850cff7a5aac1f8e  Mirai  elf geofenced mirai ua-wget USA x86
http://143.20.185.78/bins/frost.x86_64  2bdb5c71ddc686e9387663a1d114aa12f8c9f5466a47b3da0e9050c6694cd6c4  Mirai  elf geofenced mirai ua-wget USA x86
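Text exports of this table fuse the URL onto the SHA256 and the signature onto the first tag, which is exactly the form that breaks naive copy-paste into a blocklist. The following added example (mine, not MalwareBazaar's code) parses the twelve rows as they appear in the raw export into structured records, then derives the things an analyst actually wants from them: the per-architecture hash map, the distribution host to block, and the one drop that is not tagged geofenced. The split rule (a URL ends exactly where 64 hex characters followed by whitespace begin), the KNOWN_SIGNATURES list and all function and class names are my assumptions.

```python
"""Parse fused MalwareBazaar IOC rows (URL+SHA256 run together) into records.

Added example, not MalwareBazaar's code. FUSED_ROWS is copied from the
dropped-binary table for this entry in the fused form the text export
produced. Assumed: the hash is always 64 lowercase hex characters and the
signature column only ever holds "Mirai" in this table.
"""
import re
from dataclasses import dataclass

KNOWN_SIGNATURES = ("Mirai",)  # assumed: the signatures present in this table

FUSED_ROWS = [
    "http://143.20.185.78/bins/frost.arm8a6ddd16ceeec5a114f3e8319a225ce5f75cba9225d79855231de0b113472d1f Miraiarm elf geofenced mirai ua-wget USA",
    "http://143.20.185.78/bins/frost.arm598e2d7934b42ebce6ecbdbf56fb8bb1c0335bab4dc8b644404b8d8b41a496543 Miraiarm elf geofenced mirai ua-wget USA",
    "http://143.20.185.78/bins/frost.arm630d1e33d231e28919cf36bf997a44965ad39c7f8dad59484906fd1e8e2826ed4 Miraiarm elf geofenced mirai ua-wget USA",
    "http://143.20.185.78/bins/frost.arm7c9a4f7b1626cfc17d700850cf30703632e96354ae80b1c49532acb3b464d19ec Miraiarm elf geofenced mirai ua-wget USA",
    "http://143.20.185.78/bins/frost.m68kd265fd196d8c4113f2a52dd397cfd60d75c125983f944e4869adf929e78ce039 Miraielf geofenced m68k mirai ua-wget USA",
    "http://143.20.185.78/bins/frost.mips37c634fbfbfce823c3e25f381578336d285b49208ad9bb155493ab2b3923d23a Miraielf geofenced mips mirai ua-wget USA",
    "http://143.20.185.78/bins/frost.mpsl881c736b0ef28f73fd09a7ed06dc6b4935f0a9e95bcd8ad05ed9bd022e3a4a7f Miraielf mirai ua-wget",
    "http://143.20.185.78/bins/frost.ppccf642a2210f02af51797257777169041c7d55d1558d030e36ce69d2321ff8601 Miraielf geofenced mirai PowerPC ua-wget USA",
    "http://143.20.185.78/bins/frost.sh4ab4454e6726ed09e3045755d53d4168e30b74fb5c3f2fb82d472789b65059075 Miraielf geofenced mirai SuperH ua-wget USA",
    "http://143.20.185.78/bins/frost.spc199380dcab2a4acf4d919972002884eff2d01a7e4f1b9228514bf187efef6ff6 Miraielf geofenced mirai sparc ua-wget USA",
    "http://143.20.185.78/bins/frost.x86eec7f66f18d53e7a73987d079bbea53d3cb060b83388fd0d850cff7a5aac1f8e Miraielf geofenced mirai ua-wget USA x86",
    "http://143.20.185.78/bins/frost.x86_642bdb5c71ddc686e9387663a1d114aa12f8c9f5466a47b3da0e9050c6694cd6c4 Miraielf geofenced mirai ua-wget USA x86",
]

# Shortest URL such that exactly 64 hex chars follow and then whitespace.
# The hash is fixed-width, so the split is unique even when the file name
# itself ends in hex digits (frost.arm5, frost.x86_64): any shorter URL
# leaves a hex run longer than 64 before the space and fails the match.
ROW_RE = re.compile(r"^(?P<url>https?://\S+?)(?P<sha256>[0-9a-f]{64})\s+(?P<rest>.*)$")


@dataclass(frozen=True)
class DroppedBinary:
    url: str
    sha256: str
    signature: str
    tags: tuple

    @property
    def host(self) -> str:
        return self.url.split("/")[2]

    @property
    def arch(self) -> str:
        # frost.arm7 -> arm7, frost.x86_64 -> x86_64: the suffix names the target CPU
        return self.url.rsplit("/", 1)[-1].rsplit(".", 1)[-1]


def parse_row(row: str) -> DroppedBinary:
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"unparseable IOC row: {row!r}")
    rest = m["rest"]
    # The export also glued the signature onto the first tag ("Miraiarm ...").
    signature = next((s for s in KNOWN_SIGNATURES if rest.startswith(s)), "")
    tags = tuple(rest[len(signature):].split())
    return DroppedBinary(m["url"], m["sha256"], signature, tags)


def parse_rows(rows):
    return [parse_row(r) for r in rows]


def by_arch(records):
    """arch -> sha256, to match a recovered ELF against the expected hash."""
    return {r.arch: r.sha256 for r in records}


def distribution_hosts(records):
    """Hosts to block at the egress proxy or firewall."""
    return sorted({r.host for r in records})


def missing_tag(records, tag):
    """Architectures whose drop lacks a tag (e.g. which one was not geofenced)."""
    return [r.arch for r in records if tag not in r.tags]


if __name__ == "__main__":
    recs = parse_rows(FUSED_ROWS)
    for r in recs:
        print(f"{r.arch:7} {r.sha256}  {' '.join(r.tags)}")
    print("block:", distribution_hosts(recs))
    print("not geofenced:", missing_tag(recs, "geofenced"))
```

The non-greedy `\S+?` followed by a fixed-width hex group is what makes the split safe; a greedy URL pattern or a split on the first hex digit would mis-cut frost.arm5 and frost.x86_64.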

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-20T23:50:00Z UTC
Last seen: 2025-12-21T00:07:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree reconstructed from the sandbox graph dump; "net send-data" and "delete-file" are the sandbox's own flags):

/usr/bin/sudo (pid 3945)
  execve  /tmp/sample.bin (pid 3953)
    execve  /usr/bin/curl  (pid 3957)  net send-data: 91 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4044)
    clone   /usr/bin/dash  (pid 4048)
    execve  /usr/bin/curl  (pid 4049)  net send-data: 92 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4107)
    clone   /usr/bin/dash  (pid 4108)
    execve  /usr/bin/curl  (pid 4109)  net send-data: 92 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4171)
    clone   /usr/bin/dash  (pid 4172)
    execve  /usr/bin/curl  (pid 4175)  net send-data: 92 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4256)
    clone   /usr/bin/dash  (pid 4260)
    execve  /usr/bin/curl  (pid 4261)  net send-data: 92 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4338)
    clone   /usr/bin/dash  (pid 4339)
    execve  /usr/bin/curl  (pid 4340)  net send-data: 92 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4415)
    clone   /usr/bin/dash  (pid 4421)
    execve  /usr/bin/curl  (pid 4422)  net send-data: 92 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4449)
    clone   /usr/bin/dash  (pid 4451)
    execve  /usr/bin/curl  (pid 4452)  net send-data: 91 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4509)
    clone   /usr/bin/dash  (pid 4510)
    execve  /usr/bin/curl  (pid 4511)  net send-data: 91 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4520)
    clone   /usr/bin/dash  (pid 4521)
    execve  /usr/bin/curl  (pid 4522)  net send-data: 91 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4610)
    clone   /usr/bin/dash  (pid 4611)
    execve  /usr/bin/curl  (pid 4613)  net send-data: 91 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4667)
    clone   /usr/bin/dash  (pid 4671)
    execve  /usr/bin/curl  (pid 4672)  net send-data: 94 B to 143.20.185.78:80
    execve  /usr/bin/chmod (pid 4729)
    clone   /usr/bin/dash  (pid 4732)
    execve  /usr/bin/rm    (pid 4734)  delete-file

Summary: twelve curl -> chmod -> dash rounds, one per binary in the URL table above, each round sending a single request to 143.20.185.78:80, followed by one rm. The request sizes track the length of the architecture suffix in the table (3-character suffixes 91 B, 4-character suffixes 92 B, x86_64 94 B), consistent with one GET per listed path in table order.
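The behaviour graph above is the evidence that matters for detection: a parent that repeatedly spawns a fetcher, chmod and a shell, then deletes something. The following added example (mine, not the sandbox vendor's or MalwareBazaar's code) parses an excerpt of the raw graph dump in the page's own token format into a process tree and flags that fetch-chmod-exec loop together with its endpoint, byte counts and self-deletion. The excerpt is trimmed from the dump for this entry (rounds 1 and 12 plus the final rm; line breaks are mine). The FETCHERS and SHELLS sets, the function names and the rule itself are my assumptions, a prototype of what one would port to EDR process telemetry.

```python
"""Rebuild a sandbox process graph and flag a fetch -> chmod -> shell loop.

Added example, not the sandbox vendor's code. GRAPH_DUMP is an excerpt of
the behaviour-graph dump for this entry: process nodes, execve/clone edges
and network sends of rounds 1 and 12 plus the final rm, in the page's
"guuid=... pid=N /path [flags]" token format (line breaks added).
"""
import os
import re
from collections import defaultdict

GRAPH_DUMP = """
guuid=07f8da99-1600-0000-c068-b450690f0000 pid=3945 /usr/bin/sudo
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953 /tmp/sample.bin
guuid=07f8da99-1600-0000-c068-b450690f0000 pid=3945->guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953 execve
guuid=190d869c-1600-0000-c068-b450750f0000 pid=3957 /usr/bin/curl net send-data
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953->guuid=190d869c-1600-0000-c068-b450750f0000 pid=3957 execve
guuid=de6895b1-1600-0000-c068-b450cc0f0000 pid=4044 /usr/bin/chmod
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953->guuid=de6895b1-1600-0000-c068-b450cc0f0000 pid=4044 execve
guuid=d76aecb1-1600-0000-c068-b450d00f0000 pid=4048 /usr/bin/dash
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953->guuid=d76aecb1-1600-0000-c068-b450d00f0000 pid=4048 clone
guuid=11487d4e-1700-0000-c068-b45040120000 pid=4672 /usr/bin/curl net send-data
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953->guuid=11487d4e-1700-0000-c068-b45040120000 pid=4672 execve
guuid=158c745d-1700-0000-c068-b45079120000 pid=4729 /usr/bin/chmod
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953->guuid=158c745d-1700-0000-c068-b45079120000 pid=4729 execve
guuid=758bd05d-1700-0000-c068-b4507c120000 pid=4732 /usr/bin/dash
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953->guuid=758bd05d-1700-0000-c068-b4507c120000 pid=4732 clone
guuid=382fff5d-1700-0000-c068-b4507e120000 pid=4734 /usr/bin/rm delete-file
guuid=5ab2359c-1600-0000-c068-b450710f0000 pid=3953->guuid=382fff5d-1700-0000-c068-b4507e120000 pid=4734 execve
697679a7-cc0f-5478-83af-785833bd0767 143.20.185.78:80
guuid=190d869c-1600-0000-c068-b450750f0000 pid=3957->697679a7-cc0f-5478-83af-785833bd0767 send: 91B
guuid=11487d4e-1700-0000-c068-b45040120000 pid=4672->697679a7-cc0f-5478-83af-785833bd0767 send: 94B
"""

# Process node: image path, then zero or more lowercase flag words (never "guuid").
NODE_RE = re.compile(r"guuid=\S+ pid=(?P<pid>\d+) (?P<image>/\S+)(?P<flags>(?: (?!guuid)[a-z][a-z-]*)*)")
EDGE_RE = re.compile(r"guuid=\S+ pid=(?P<spid>\d+)->guuid=\S+ pid=(?P<dpid>\d+) (?P<op>execve|clone)")
NET_NODE_RE = re.compile(r"(?P<id>[0-9a-f]{8}-[0-9a-f-]{27}) (?P<ep>\d+\.\d+\.\d+\.\d+:\d+)")
NET_EDGE_RE = re.compile(r"pid=(?P<spid>\d+)->(?P<dst>[0-9a-f]{8}-[0-9a-f-]{27}) send: (?P<bytes>\d+)B")

FETCHERS = {"curl", "wget", "tftp", "ftpget"}  # assumed list of download tools
SHELLS = {"sh", "dash", "bash", "ash"}        # assumed list of shell images


def parse_graph(dump):
    """pid -> {image, flags, parent, op, sent: [(endpoint, bytes)]}"""
    procs = {int(m["pid"]): {"image": m["image"], "flags": m["flags"].split(),
                             "parent": None, "op": None, "sent": []}
             for m in NODE_RE.finditer(dump)}
    endpoints = {m["id"]: m["ep"] for m in NET_NODE_RE.finditer(dump)}
    for m in EDGE_RE.finditer(dump):
        procs[int(m["dpid"])].update(parent=int(m["spid"]), op=m["op"])
    for m in NET_EDGE_RE.finditer(dump):
        procs[int(m["spid"])]["sent"].append((endpoints[m["dst"]], int(m["bytes"])))
    return procs


def find_fetch_exec_loops(procs):
    """One finding per parent that repeats fetcher -> chmod -> shell among its children."""
    children = defaultdict(list)
    for pid, p in procs.items():
        if p["parent"] is not None:
            children[p["parent"]].append(pid)
    findings = []
    for parent, kids in children.items():
        kids.sort()  # pids grow in spawn order over one short sandbox run
        names = [os.path.basename(procs[k]["image"]) for k in kids]
        rounds, i = 0, 0
        while i + 2 < len(names):
            if names[i] in FETCHERS and names[i + 1] == "chmod" and names[i + 2] in SHELLS:
                rounds, i = rounds + 1, i + 3
            else:
                i += 1
        if rounds == 0:
            continue
        findings.append({
            "parent_pid": parent,
            "parent_image": procs[parent]["image"],
            "rounds": rounds,
            "endpoints": sorted({ep for k in kids for ep, _ in procs[k]["sent"]}),
            "bytes_sent": sum(n for k in kids for _, n in procs[k]["sent"]),
            "self_delete": names[-1] == "rm" and "delete-file" in procs[kids[-1]]["flags"],
        })
    return findings


if __name__ == "__main__":
    for finding in find_fetch_exec_loops(parse_graph(GRAPH_DUMP)):
        print(finding)
```

On the full dump the same code reports twelve rounds against 143.20.185.78:80; the excerpt yields two. The rule keys on the sequence, not on curl specifically, so a variant that swaps in wget or busybox sh still fires.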
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-12-21 01:01:57 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
(These three are Windows-specific behaviours that a POSIX shell script does not perform; they reflect the environment this report block ran in, not the sample, and should not be used as indicators for it.)

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Signature: Mirai
  File type: sh
  SHA256: 41a6981cdffee9e2c60d442bc92304457a2c3bbad5c17137596bdcdba074fbfb (this sample)

Delivery method: Distributed via web download

Comments