MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6367a37d8615fe72a76d867a9dbafa80d71cbae04a996a0191fd287fbad52e2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

SHA256 hash: 6367a37d8615fe72a76d867a9dbafa80d71cbae04a996a0191fd287fbad52e2d
SHA3-384 hash: e8ea7dd9517237cdcfcf7caa8e02282b10e3cfedcdafed6d7304ca5fda143017d3c60cbde740c623ca32e54adae3be54
SHA1 hash: 4682e1d5090b0c258e36018308d7f8367d6e1dbc
MD5 hash: 9f4b24cf5d4a7a7ba9e03f7feb78cc53
humanhash: sierra-johnny-cold-grey
File name: kla.sh
Signature: Mirai
File size: 5'101 bytes
First seen: 2026-03-05 07:21:32 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:2RKhEcfEnsTE11U/CU/kNxvHXfF53/JtvH3V:2MG
TLSH: T1FFB185C921A24D707DFA9C7366A98819B8C4B543AEC14F1594ECF4F658CCF087B85AB3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
Related URLs (URL, malware sample SHA256 hash, signature, tags):

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 55
Origin country: DE

Vendor Threat Intelligence
No detections

Status: terminated
Behavior Graph:
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
UPX packed file
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Modifies Watchdog functionality
Creates a large amount of network flows
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download | Mirai | sh | 6367a37d8615fe72a76d867a9dbafa80d71cbae04a996a0191fd287fbad52e2d (this sample)

Delivery method
Distributed via web download

Comments