MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c657d45e2ac8e1bdda8945ba0176d012a5c10dc3b0504bed890c8a6a3451397. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c657d45e2ac8e1bdda8945ba0176d012a5c10dc3b0504bed890c8a6a3451397
SHA3-384 hash: 101f08c38a760301bb84c428330d4955323c201679686bcc7f9647a28b36c40845b2859cf2a1051934a7592471e3fc05
SHA1 hash: dc0b3853afa441dfd17ad0169efdd70bc46eab0a
MD5 hash: 5eb308b2d4f3c52b3e78b86874f9fedb
humanhash: ten-idaho-emma-fillet
File name:lilin.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:618 bytes
First seen:2025-07-03 11:50:57 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 12:bIbXPD3pCVPDN+/I/PN7KFPDrPDEPYKz2LYKzM2YKztYKzl:0LpCV5+/I/V7enczmzMQzVzl
TLSH T173F0A277F178C881A8070D1E30C5C228B8E7C2B415D7EF4CEC9F9525C48861D7022B9C
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://154.205.133.58/skid.arm4c72b3a3e372704eb64e1f0e9ebd021902928fa8c6df47e15a347fa682d48916 Miraielf mirai ua-wget
http://154.205.133.58/skid.arm5495ce809e735ffcdf61aee835d0dc9201ef56aa045252cfa3e7029aac8a0b891 Miraielf mirai ua-wget
http://154.205.133.58/skid.arm6n/an/an/a
http://154.205.133.58/skid.arm7cac1f84aafd6f3b5d144e2bdad81f759d12515d73fac77cb8ac09678f2c28f52 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
19
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-36.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68666ec0900df8e7f8661cb9linux22vpnfull_triage
Tags:
downloader mirai agent virus
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/a44054c6-b635-436e-9425-1930c49c0ae9
Behavior Graph:
Download SVG
%3 guuid=d17a2c4d-1a00-0000-ffdc-5ee1a90a0000 pid=2729 /usr/bin/sudo guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735 /tmp/sample.bin guuid=d17a2c4d-1a00-0000-ffdc-5ee1a90a0000 pid=2729->guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735 execve guuid=8d36424f-1a00-0000-ffdc-5ee1b10a0000 pid=2737 /usr/bin/rm guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=8d36424f-1a00-0000-ffdc-5ee1b10a0000 pid=2737 execve guuid=04ccc54f-1a00-0000-ffdc-5ee1b30a0000 pid=2739 /usr/bin/wget net send-data write-file guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=04ccc54f-1a00-0000-ffdc-5ee1b30a0000 pid=2739 execve guuid=32a3a454-1a00-0000-ffdc-5ee1bd0a0000 pid=2749 /usr/bin/chmod guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=32a3a454-1a00-0000-ffdc-5ee1bd0a0000 pid=2749 execve guuid=6cda0755-1a00-0000-ffdc-5ee1bf0a0000 pid=2751 /usr/bin/dash guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=6cda0755-1a00-0000-ffdc-5ee1bf0a0000 pid=2751 clone guuid=5e8bdc55-1a00-0000-ffdc-5ee1c40a0000 pid=2756 /usr/bin/rm guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=5e8bdc55-1a00-0000-ffdc-5ee1c40a0000 pid=2756 execve guuid=e8117156-1a00-0000-ffdc-5ee1c60a0000 pid=2758 /usr/bin/wget net send-data write-file guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=e8117156-1a00-0000-ffdc-5ee1c60a0000 pid=2758 execve guuid=3e7a3a5a-1a00-0000-ffdc-5ee1cd0a0000 pid=2765 /usr/bin/chmod guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=3e7a3a5a-1a00-0000-ffdc-5ee1cd0a0000 pid=2765 execve guuid=be5b995a-1a00-0000-ffdc-5ee1ce0a0000 pid=2766 /usr/bin/dash guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=be5b995a-1a00-0000-ffdc-5ee1ce0a0000 pid=2766 clone guuid=19465a5b-1a00-0000-ffdc-5ee1d00a0000 pid=2768 /usr/bin/rm guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=19465a5b-1a00-0000-ffdc-5ee1d00a0000 pid=2768 execve guuid=310bbc5b-1a00-0000-ffdc-5ee1d10a0000 pid=2769 /usr/bin/wget net send-data guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=310bbc5b-1a00-0000-ffdc-5ee1d10a0000 pid=2769 execve guuid=cb39ba5d-1a00-0000-ffdc-5ee1d20a0000 pid=2770 /usr/bin/chmod guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=cb39ba5d-1a00-0000-ffdc-5ee1d20a0000 pid=2770 execve guuid=7ec8235e-1a00-0000-ffdc-5ee1d30a0000 pid=2771 /tmp/qrtrhvcw guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=7ec8235e-1a00-0000-ffdc-5ee1d30a0000 pid=2771 execve guuid=4aff2e60-1a00-0000-ffdc-5ee1d60a0000 pid=2774 /usr/bin/rm guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=4aff2e60-1a00-0000-ffdc-5ee1d60a0000 pid=2774 execve guuid=0a936960-1a00-0000-ffdc-5ee1d80a0000 pid=2776 /usr/bin/wget net send-data write-file guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=0a936960-1a00-0000-ffdc-5ee1d80a0000 pid=2776 execve guuid=d951f762-1a00-0000-ffdc-5ee1df0a0000 pid=2783 /usr/bin/chmod guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=d951f762-1a00-0000-ffdc-5ee1df0a0000 pid=2783 execve guuid=d4e26563-1a00-0000-ffdc-5ee1e00a0000 pid=2784 /usr/bin/dash guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=d4e26563-1a00-0000-ffdc-5ee1e00a0000 pid=2784 clone guuid=5b542164-1a00-0000-ffdc-5ee1e50a0000 pid=2789 /usr/bin/mount guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=5b542164-1a00-0000-ffdc-5ee1e50a0000 pid=2789 execve guuid=93aa1a65-1a00-0000-ffdc-5ee1e80a0000 pid=2792 /usr/bin/mount guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=93aa1a65-1a00-0000-ffdc-5ee1e80a0000 pid=2792 execve guuid=be54db65-1a00-0000-ffdc-5ee1ea0a0000 pid=2794 /usr/bin/mount guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=be54db65-1a00-0000-ffdc-5ee1ea0a0000 pid=2794 execve guuid=5dad5c66-1a00-0000-ffdc-5ee1eb0a0000 pid=2795 /usr/bin/mount guuid=1b2d024f-1a00-0000-ffdc-5ee1af0a0000 pid=2735->guuid=5dad5c66-1a00-0000-ffdc-5ee1eb0a0000 pid=2795 execve a6b092b1-7e1c-56ee-bf44-eccdde92b493 154.205.133.58:80 guuid=04ccc54f-1a00-0000-ffdc-5ee1b30a0000 pid=2739->a6b092b1-7e1c-56ee-bf44-eccdde92b493 send: 137B guuid=e8117156-1a00-0000-ffdc-5ee1c60a0000 pid=2758->a6b092b1-7e1c-56ee-bf44-eccdde92b493 send: 138B guuid=310bbc5b-1a00-0000-ffdc-5ee1d10a0000 pid=2769->a6b092b1-7e1c-56ee-bf44-eccdde92b493 send: 138B guuid=0a936960-1a00-0000-ffdc-5ee1d80a0000 pid=2776->a6b092b1-7e1c-56ee-bf44-eccdde92b493 send: 138B
Score:
91%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/5c657d45e2ac8e1bdda8945ba0176d012a5c10dc3b0504bed890c8a6a3451397
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c657d45e2ac8e1bdda8945ba0176d012a5c10dc3b0504bed890c8a6a3451397/
Verdict:
Malicious
Threat:
downloader.bashdlod/gen2
Link:
https://tip.neiki.dev/file/5c657d45e2ac8e1bdda8945ba0176d012a5c10dc3b0504bed890c8a6a3451397
Threat name:
Document-HTML.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-07-03 11:37:38 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lrsx2rpcvshbxxnisrn2af3naevfyeg4hmcqjpwysdekni2fcolq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
credential_access defense_evasion discovery linux
Link:
https://tria.ge/reports/250703-n1bspawzgy/
Behaviour
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads system network configuration
Reads process memory
Reads MAC address of network interface
Reads system routing table
File and Directory Permissions Modification
Executes dropped EXE
Renames itself
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/5c657d45e2ac8e1bdda8945ba0176d012a5c10dc3b0504bed890c8a6a3451397

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 5c657d45e2ac8e1bdda8945ba0176d012a5c10dc3b0504bed890c8a6a3451397

(this sample)

Mirai

elf 2c426c7258e7a7499f88c60b15b8ce60a7edd2877422484a5f81511387de093e

  
URLhaus
https://urlhaus.abuse.ch/url/3574807/
  
Delivery method
Distributed via web download
  
Dropping
MD5 c6b506f095da01f97d0a31d7718b5924
  
Dropping
SHA256 2c426c7258e7a7499f88c60b15b8ce60a7edd2877422484a5f81511387de093e

Comments