MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 560ff3969aaeb7bd6d66c5adde827c20a1ae1745be67d570e2ed3b78ccb7d76f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 560ff3969aaeb7bd6d66c5adde827c20a1ae1745be67d570e2ed3b78ccb7d76f
SHA3-384 hash: 05ab5660bc6a9ddb7af490bb5b694db1fe724ce0713c9882dcedbf1126781280b84830b2b99ee1fcdc6eddcd3ede5dee
SHA1 hash: 089a7b300c150138a53fa4e6fe9eb24b6d865e9d
MD5 hash: f4218aca95bcf230ea18bc25c1bde5f8
humanhash: alanine-india-carolina-mobile
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:835 bytes
First seen:2025-11-21 22:14:48 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:3J3L4yXBJL4y2YVL4y3NIl5EL4yc0LKmpL4ym+OQJL4yjjMVSL4y9T535L4yCSOi:3J3eYJNI7kKt+XNjFT1Ylut4ErRR
TLSH T14E01CCCD66B57263B644CF38B06680AC9275FAD0B27C8B16F9D40CB6C4D9311322AB7D
Magika batch
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://31.97.147.189/systemcl/arm3e98eef752fb14582bfd0f70e00ae5f1b2e7ccb06b32597053c6ad8f0e591dae Mirai32-bit elf mirai Mozi
http://31.97.147.189/systemcl/arm515c555f6d2014a41eb89f2779f43d1fc11677f501a3219cd3aa72bd0619a2849 Miraiarm elf geofenced mirai ua-wget USA
http://31.97.147.189/systemcl/arm6dfd02ed59c95575642af97a5a34c18ec7be4a61872e339720bba3286d6dbc80d Miraiarm elf geofenced mirai ua-wget USA
http://31.97.147.189/systemcl/arm776f40915e3bbfcd021903f45af774295d1781c327addbcabb3b5bd35da28ecb6 Miraiarm elf geofenced mirai ua-wget USA
http://31.97.147.189/systemcl/m68k452a0c93f439b4eeb230d8a3b2b01934b286283bdcc509cc56f09734f1b667ed Miraielf geofenced m68k mirai ua-wget USA
http://31.97.147.189/systemcl/mipsa5357cb8f6566613be9393a2def399b617ef91c2bc5ead8b8c1ff0f50d3f8dd5 Mirai32-bit elf mirai Mozi
http://31.97.147.189/systemcl/mpsla8e6f02362f973adda0cf4dcbc1c5c3809ee7477a7967287893457b8c5eb02b1 Miraielf geofenced mips mirai ua-wget USA
http://31.97.147.189/systemcl/ppcc3f7cf4b69be7bcc3f70465622a093198c73174902d8dd8dfde516f161ba4569 Miraielf geofenced mirai PowerPC ua-wget USA
http://31.97.147.189/systemcl/sh4n/an/aelf ua-wget
http://31.97.147.189/systemcl/spcn/an/aelf ua-wget
http://31.97.147.189/systemcl/x866f83f9621bd8b0e62a71359b184969f147b0046328455d84a8f20aa1a7ad0fae Mirai32-bit elf mirai Mozi
http://31.97.147.189/systemcl/x86_646f83f9621bd8b0e62a71359b184969f147b0046328455d84a8f20aa1a7ad0fae Miraielf geofenced mirai ua-wget USA x86

Intelligence

File Origin
# of uploads :
1
# of downloads :
43
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/6920e47eeecb08e4aa441ef5/reports/14d58b6c-c7f4-4b4c-baee-dc9f5a1ccf41/overview
Verdict:
Malicious
File Type:
text
First seen:
2025-11-21T18:03:00Z UTC
Last seen:
2025-11-22T00:46:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/560ff3969aaeb7bd6d66c5adde827c20a1ae1745be67d570e2ed3b78ccb7d76f/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/79232439-4678-45ae-839b-ea6b21d2c25a
Behavior Graph:
Download SVG
%3 guuid=d09af0c0-1900-0000-08fd-d12d080b0000 pid=2824 /usr/bin/sudo guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828 /tmp/sample.bin guuid=d09af0c0-1900-0000-08fd-d12d080b0000 pid=2824->guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828 execve guuid=a318ecc2-1900-0000-08fd-d12d0d0b0000 pid=2829 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=a318ecc2-1900-0000-08fd-d12d0d0b0000 pid=2829 execve guuid=0956afd7-1900-0000-08fd-d12d3f0b0000 pid=2879 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=0956afd7-1900-0000-08fd-d12d3f0b0000 pid=2879 execve guuid=3eda07d8-1900-0000-08fd-d12d420b0000 pid=2882 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=3eda07d8-1900-0000-08fd-d12d420b0000 pid=2882 clone guuid=8ce913d8-1900-0000-08fd-d12d430b0000 pid=2883 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=8ce913d8-1900-0000-08fd-d12d430b0000 pid=2883 execve guuid=6cb68bec-1900-0000-08fd-d12d700b0000 pid=2928 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=6cb68bec-1900-0000-08fd-d12d700b0000 pid=2928 execve guuid=8decd1ec-1900-0000-08fd-d12d720b0000 pid=2930 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=8decd1ec-1900-0000-08fd-d12d720b0000 pid=2930 clone guuid=4250e0ec-1900-0000-08fd-d12d730b0000 pid=2931 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=4250e0ec-1900-0000-08fd-d12d730b0000 pid=2931 execve guuid=3d262005-1a00-0000-08fd-d12da20b0000 pid=2978 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=3d262005-1a00-0000-08fd-d12da20b0000 pid=2978 execve guuid=65ba7305-1a00-0000-08fd-d12da40b0000 pid=2980 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=65ba7305-1a00-0000-08fd-d12da40b0000 pid=2980 clone guuid=89897f05-1a00-0000-08fd-d12da60b0000 pid=2982 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=89897f05-1a00-0000-08fd-d12da60b0000 pid=2982 execve guuid=fe98621e-1a00-0000-08fd-d12dde0b0000 pid=3038 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=fe98621e-1a00-0000-08fd-d12dde0b0000 pid=3038 execve guuid=dd24aa1e-1a00-0000-08fd-d12de00b0000 pid=3040 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=dd24aa1e-1a00-0000-08fd-d12de00b0000 pid=3040 clone guuid=7432c31e-1a00-0000-08fd-d12de10b0000 pid=3041 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=7432c31e-1a00-0000-08fd-d12de10b0000 pid=3041 execve guuid=c0ed1e38-1a00-0000-08fd-d12d1e0c0000 pid=3102 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=c0ed1e38-1a00-0000-08fd-d12d1e0c0000 pid=3102 execve guuid=cf829238-1a00-0000-08fd-d12d1f0c0000 pid=3103 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=cf829238-1a00-0000-08fd-d12d1f0c0000 pid=3103 clone guuid=c2f19e38-1a00-0000-08fd-d12d200c0000 pid=3104 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=c2f19e38-1a00-0000-08fd-d12d200c0000 pid=3104 execve guuid=eef3fb4f-1a00-0000-08fd-d12d520c0000 pid=3154 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=eef3fb4f-1a00-0000-08fd-d12d520c0000 pid=3154 execve guuid=68c94e50-1a00-0000-08fd-d12d540c0000 pid=3156 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=68c94e50-1a00-0000-08fd-d12d540c0000 pid=3156 clone guuid=360f5850-1a00-0000-08fd-d12d550c0000 pid=3157 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=360f5850-1a00-0000-08fd-d12d550c0000 pid=3157 execve guuid=ac974466-1a00-0000-08fd-d12d7c0c0000 pid=3196 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=ac974466-1a00-0000-08fd-d12d7c0c0000 pid=3196 execve guuid=afacae66-1a00-0000-08fd-d12d7d0c0000 pid=3197 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=afacae66-1a00-0000-08fd-d12d7d0c0000 pid=3197 clone guuid=dc73ca66-1a00-0000-08fd-d12d7e0c0000 pid=3198 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=dc73ca66-1a00-0000-08fd-d12d7e0c0000 pid=3198 execve guuid=066f2e7d-1a00-0000-08fd-d12d990c0000 pid=3225 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=066f2e7d-1a00-0000-08fd-d12d990c0000 pid=3225 execve guuid=2fbc787d-1a00-0000-08fd-d12d9a0c0000 pid=3226 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=2fbc787d-1a00-0000-08fd-d12d9a0c0000 pid=3226 clone guuid=8bf47e7d-1a00-0000-08fd-d12d9b0c0000 pid=3227 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=8bf47e7d-1a00-0000-08fd-d12d9b0c0000 pid=3227 execve guuid=41d3dc89-1a00-0000-08fd-d12da60c0000 pid=3238 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=41d3dc89-1a00-0000-08fd-d12da60c0000 pid=3238 execve guuid=d0e36c8a-1a00-0000-08fd-d12da70c0000 pid=3239 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=d0e36c8a-1a00-0000-08fd-d12da70c0000 pid=3239 clone guuid=77bc7e8a-1a00-0000-08fd-d12da80c0000 pid=3240 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=77bc7e8a-1a00-0000-08fd-d12da80c0000 pid=3240 execve guuid=4d55d89a-1a00-0000-08fd-d12dbe0c0000 pid=3262 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=4d55d89a-1a00-0000-08fd-d12dbe0c0000 pid=3262 execve guuid=0195479b-1a00-0000-08fd-d12dbf0c0000 pid=3263 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=0195479b-1a00-0000-08fd-d12dbf0c0000 pid=3263 clone guuid=5fcd569b-1a00-0000-08fd-d12dc00c0000 pid=3264 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=5fcd569b-1a00-0000-08fd-d12dc00c0000 pid=3264 execve guuid=e1741cae-1a00-0000-08fd-d12dd60c0000 pid=3286 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=e1741cae-1a00-0000-08fd-d12dd60c0000 pid=3286 execve guuid=bb56c5ae-1a00-0000-08fd-d12dd70c0000 pid=3287 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=bb56c5ae-1a00-0000-08fd-d12dd70c0000 pid=3287 clone guuid=2fa3d1ae-1a00-0000-08fd-d12dd80c0000 pid=3288 /usr/bin/curl net send-data guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=2fa3d1ae-1a00-0000-08fd-d12dd80c0000 pid=3288 execve guuid=812e22c3-1a00-0000-08fd-d12d070d0000 pid=3335 /usr/bin/chmod guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=812e22c3-1a00-0000-08fd-d12d070d0000 pid=3335 execve guuid=6e6381c3-1a00-0000-08fd-d12d080d0000 pid=3336 /usr/bin/dash guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=6e6381c3-1a00-0000-08fd-d12d080d0000 pid=3336 clone guuid=cd238dc3-1a00-0000-08fd-d12d090d0000 pid=3337 /usr/bin/rm delete-file guuid=e6a89ec2-1900-0000-08fd-d12d0c0b0000 pid=2828->guuid=cd238dc3-1a00-0000-08fd-d12d090d0000 pid=3337 execve f1c78202-5927-5cc6-bd07-437634c15960 31.97.147.189:80 guuid=a318ecc2-1900-0000-08fd-d12d0d0b0000 pid=2829->f1c78202-5927-5cc6-bd07-437634c15960 send: 89B guuid=8ce913d8-1900-0000-08fd-d12d430b0000 pid=2883->f1c78202-5927-5cc6-bd07-437634c15960 send: 90B guuid=4250e0ec-1900-0000-08fd-d12d730b0000 pid=2931->f1c78202-5927-5cc6-bd07-437634c15960 send: 90B guuid=89897f05-1a00-0000-08fd-d12da60b0000 pid=2982->f1c78202-5927-5cc6-bd07-437634c15960 send: 90B guuid=7432c31e-1a00-0000-08fd-d12de10b0000 pid=3041->f1c78202-5927-5cc6-bd07-437634c15960 send: 90B guuid=c2f19e38-1a00-0000-08fd-d12d200c0000 pid=3104->f1c78202-5927-5cc6-bd07-437634c15960 send: 90B guuid=360f5850-1a00-0000-08fd-d12d550c0000 pid=3157->f1c78202-5927-5cc6-bd07-437634c15960 send: 90B guuid=dc73ca66-1a00-0000-08fd-d12d7e0c0000 pid=3198->f1c78202-5927-5cc6-bd07-437634c15960 send: 89B guuid=8bf47e7d-1a00-0000-08fd-d12d9b0c0000 pid=3227->f1c78202-5927-5cc6-bd07-437634c15960 send: 89B guuid=77bc7e8a-1a00-0000-08fd-d12da80c0000 pid=3240->f1c78202-5927-5cc6-bd07-437634c15960 send: 89B guuid=5fcd569b-1a00-0000-08fd-d12dc00c0000 pid=3264->f1c78202-5927-5cc6-bd07-437634c15960 send: 89B guuid=2fa3d1ae-1a00-0000-08fd-d12dd80c0000 pid=3288->f1c78202-5927-5cc6-bd07-437634c15960 send: 92B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/560ff3969aaeb7bd6d66c5adde827c20a1ae1745be67d570e2ed3b78ccb7d76f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/560ff3969aaeb7bd6d66c5adde827c20a1ae1745be67d570e2ed3b78ccb7d76f/
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-11-21 13:28:27 UTC
File Type:
Text (Shell)
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kyh7hfu2v23323lgyww55at4ecq24f2fxzt5k4hc5u5xrtfx25xq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251121-16esrawlhw/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/560ff3969aaeb7bd6d66c5adde827c20a1ae1745be67d570e2ed3b78ccb7d76f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 560ff3969aaeb7bd6d66c5adde827c20a1ae1745be67d570e2ed3b78ccb7d76f

(this sample)

Mirai

elf 1a16ce155a3f026fcf3158a138278f0ab7be1440a8db7e72251df784238f12f5

Mirai

elf 3e98eef752fb14582bfd0f70e00ae5f1b2e7ccb06b32597053c6ad8f0e591dae

  
URLhaus
https://urlhaus.abuse.ch/url/3713673/
  
Delivery method
Distributed via web download
  
Dropping
MD5 e3dd5b13a3edce553468bc4464e080c6
  
Dropping
SHA256 3e98eef752fb14582bfd0f70e00ae5f1b2e7ccb06b32597053c6ad8f0e591dae

Comments