MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 690b4554964fafa1929e8fffdacb313017accc5b527bbc23f2f8d50f82020240. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 690b4554964fafa1929e8fffdacb313017accc5b527bbc23f2f8d50f82020240
SHA3-384 hash: 35601c861cc783b96ec21702e9851ebedd6cab0436cb4ef8345bc48b2ee5124522c7f01bf96766c58a3a5693fd406cea
SHA1 hash: 5332100861ee906a1a535c319f74a95463053c08
MD5 hash: 68436923d83ddfcd3900408b014c2152
humanhash: one-juliet-nevada-batman
File name: c.sh
Signature: Mirai
File size: 1'055 bytes
First seen: 2025-08-04 06:28:23 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:3J3/1xQ/tcArEQ/VNI+3BEAQ/GTKRiHQ/5NZIqQ/IQiQ/3TNPcwQ/AL0gQ/FB0Kj:3J3CNI6nKhN+y4Js632HR
TLSH T15C119AFF17E59843963C8FDA70A9D108B24581C3E6AC4BB1B168DC3968C8614B045F3A
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Downloader.ShellAgnt
Status: Malicious
First seen: 2025-08-04 06:29:26 UTC
File Type: Text (Shell)
AV detection: 14 of 37 (37.84%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 690b4554964fafa1929e8fffdacb313017accc5b527bbc23f2f8d50f82020240

(this sample)

  
Delivery method
Distributed via web download
