MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63ecc282c23384ffd7c6d1c2c4471eeb4d92064284206ca272f44fcaf524360a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 63ecc282c23384ffd7c6d1c2c4471eeb4d92064284206ca272f44fcaf524360a
SHA3-384 hash: cc38fd699c68b1f7d068378e4430660351a2d043e18d0af822eecf51b40affc5cdf21e926b7f717de1a644e7e8e2a33e
SHA1 hash: c24711b5d76fd0dc9676dc2e896e49b901bed2b3
MD5 hash: 4174efced142fbcd1f4f2483339d5b43
humanhash: finch-lactose-washington-video
File name: w.sh
Signature: Mirai
File size: 1'129 bytes
First seen: 2025-07-09 08:50:43 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:C4H7H5NI6mHoKVHFN+7H82HXcHqSHblHmH33gHxHR:tbnmIWlN+7R3cKS7lGXQRx
TLSH: T14E2136FF93D5610704AC8BC630A98508E244C6EBE41E4B3DBE8CC8BA6389E187155F8D
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 25
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: downloader ransomware trojan mirai
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-07-09 06:31:59 UTC
File Type: Text (Shell)
AV detection: 15 of 38 (39.47%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 63ecc282c23384ffd7c6d1c2c4471eeb4d92064284206ca272f44fcaf524360a

(this sample)

  
Delivery method
Distributed via web download

Comments