MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 578b240d045f21a62e0d77906340d3467b427e704531bfbb866c467d3efd028a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 578b240d045f21a62e0d77906340d3467b427e704531bfbb866c467d3efd028a
SHA3-384 hash: 66fe35b183f2d61521aff05c9159becb9c81a2fa6dc48e6aa4c37f85cafef61eafaa8df75fc9473879cf0406dad6da89
SHA1 hash: 495250a26900ca878b409921171453c85155bf03
MD5 hash: 2e762fa2509b5b6e69876d48ed56f716
humanhash: cold-king-five-nevada
File name: c.sh
Signature: Mirai
File size: 847 bytes
First seen: 2025-10-14 06:18:32 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3uBJzYVgNIl5Ep0LKmpB+OQJqjMVS6T535zSO6Jmtn/QcrJEbR:3J3EYmNI7ZKk+XAj+T1Flpt/LrKR
TLSH: T19201F1CCB372B5A39B088F39F0658059D026B8C535964E5ADCD908F8D8DA100E23577E
Magika: txt
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-10-13T15:31:00Z UTC
Last seen: 2025-10-13T15:43:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-13 20:53:23 UTC
File Type: Text (Shell)
AV detection: 14 of 38 (36.84%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 578b240d045f21a62e0d77906340d3467b427e704531bfbb866c467d3efd028a (this sample)

Delivery method: Distributed via web download
