MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 659dee76975ab43300a322ce6039ea9db70529854920fd5c38bb66c7b9764054. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 659dee76975ab43300a322ce6039ea9db70529854920fd5c38bb66c7b9764054
SHA3-384 hash: 54d88692ce5d2453dfafa586728d1292399e3f49d175928633eddb9dcdc5a1f63945168d1c7d482eb1cf046922060393
SHA1 hash: 220ced61561fde72acc5e7e4235c4b60c71500c1
MD5 hash: ade12d8030363e892c1fc08b5fcc8ac7
humanhash: colorado-idaho-summer-wolfram
File name: c.sh
Signature: Mirai
File size: 823 bytes
First seen: 2025-10-13 05:21:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3i10RBJi10oYVi10ZNIl5Ei10C0LKmpi10E+OQJi10pjMVSi10jT535i10sSOi:3J3eYhNI7CKv+X1jVT1wl0toirJR
TLSH: T13E01E9FD7671726B9F088F28E065809D9072D0D031514EF6D8550875F8E911326357FD
Magika: batch
Reporter: abuse_ch
Tags: mirai sh
URL / Malware sample (SHA256 hash) / Signature / Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai

Verdict: Malicious
File Type: text
First seen: 2025-10-12T12:33:00Z UTC
Last seen: 2025-10-13T03:24:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-12 12:48:31 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 659dee76975ab43300a322ce6039ea9db70529854920fd5c38bb66c7b9764054

(this sample)

  
Delivery method
Distributed via web download

Comments