MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5644db4d370296c716ca9a1e0c9980c3abf91a74c7e7740b92311509d0e5ac99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 5644db4d370296c716ca9a1e0c9980c3abf91a74c7e7740b92311509d0e5ac99
SHA3-384 hash: d1ac7a2e71f445cab48bbb1ae53271cb52a5c53f0e1097ce1339edf20f11b725f495ebb90ac291b84ca44d71313ae13e
SHA1 hash: aef4554e0a7195d0c125c890215dab75b5bcfede
MD5 hash: 318d3921f12f55540edaa77b9ac6f99f
humanhash: timing-missouri-india-salami
File name: c.sh
Signature: Mirai
File size: 1'157 bytes
First seen: 2025-08-03 05:45:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3+AENrp+dOoNniaOYyZLapQpDjOPJO9M3L8heGkUMKMXioO9xzOtdHA:e+dNNiaeZLMEDjqJeWwkpzXioqxz0dg
TLSH: T1B121958D0BEAD1DDAA5C5E26B095C1687E4EC1C4B370CF61F0AA79B16988600E035FB6
Magika: txt
Reporter: abuse_ch
Tags: sh
Related URLs (malware sample SHA256 hash, signature, tags)

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: [sandbox process graph]
Verdict: Malicious
Threat: HEUR:Backdoor.Linux.Gafgyt
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-03 05:46:14 UTC
File Type: Text
AV detection: 9 of 38 (23.68%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: Mirai
File type: sh
Malware sample (SHA256 hash): 5644db4d370296c716ca9a1e0c9980c3abf91a74c7e7740b92311509d0e5ac99 (this sample)

Comments