MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 694b8f5cc0e0786516bdb8936ad369766786990548a505eb7b106fe7e283c587. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 694b8f5cc0e0786516bdb8936ad369766786990548a505eb7b106fe7e283c587
SHA3-384 hash: 38895f24cd6eac61e6a22d20a5efd370b3fa01853e92051da66c62ef4d53ffe33d8407aa90f925efc089ead6a61140cc
SHA1 hash: 683b7e4d5ec68f5ee59a00bd5171286787579ccc
MD5 hash: 9b5df31ec2400b4e93c2a406eb89bea2
humanhash: social-chicken-low-saturn
File name: c.sh
Signature: Mirai
File size: 1'953 bytes
First seen: 2025-10-01 05:40:24 UTC
Last seen: 2025-10-01 21:00:45 UTC
File type: sh
MIME type: text/plain
ssdeep 48:LtpmXCpR0Lp4hwpmqeqppd2+p1I4pDmWkpmXvpEt1pe/apZN2vpE+:LtpmXCpR0Lp4hwpmqeqpp8+p1I4pDmtU
TLSH T16D41C3F924DB728DDB590C2ED0097AB9549BFB9B7B2B8C74C18A707B30C65111011EC7
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 47
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: exploit mirai

Verdict: Malicious
File Type: text
First seen: 2025-10-01T03:41:00Z UTC
Last seen: 2025-10-01T04:05:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-10-01 05:23:45 UTC
File Type: Text
AV detection: 11 of 38 (28.95%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 694b8f5cc0e0786516bdb8936ad369766786990548a505eb7b106fe7e283c587

(this sample)

  
Delivery method
Distributed via web download
