MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a97f3a751537ece2eb9aee0b809042a3445e87f81700044cc21bba210b53059. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 6a97f3a751537ece2eb9aee0b809042a3445e87f81700044cc21bba210b53059
SHA3-384 hash: f610bb2a85171eac37b7777e7b658219aac94ca404073b21463e97202985ea76e5fc2021ffdc591f444d47fb7f35b6c6
SHA1 hash: 8e53ea144ca98170a4b5a862bdb46b0f5d57c641
MD5 hash: a907cb0f9b975e7e7eaae00e9ebdde81
humanhash: bulldog-fish-georgia-east
File name: penis.sh
Signature: Mirai
File size: 2'761 bytes
First seen: 2025-10-06 18:34:10 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:UBIJU0KYEI9+WHIT0Y1I9i26YQhIuzrIq6SpIUhIQDbIqRIe93XICAUlI3ymqkg2:UCU5zHD7zr6Sb//V93XX2
TLSH T1D751D5CD13E153B2F9417E1BBBB4C0E07D8990D6D5C46E5170A9BDBA848CE18F40B1DA
Magika: batch
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://196.251.116.198/bins/mynode.arc | c2a8fe0c60ecfdb74c28246039db8eda0194c422d4bd53e6e93011ed268fc885 | Mirai | mirai opendir
http://196.251.116.198/bins/mynode.powerpc | n/a | n/a | mirai opendir
http://196.251.116.198/bins/mynode.powerpc-440fp | n/a | n/a | mirai opendir
http://196.251.116.198/bins/mynode.m68k | c8b4962ddd19133d227e0514d876fd3da3d5d76a6d76e38aecf103da0e6cb53e | Mirai | mirai opendir
http://196.251.116.198/bins/mynode.mips | e17f7184fd3ebb7051173c2c20afa75a6d05677850bf17a3726b2832f86051b3 | Mirai | mirai opendir
http://196.251.116.198/bins/mynode.mipsel | n/a | n/a | mirai opendir
http://196.251.116.198/bins/mynode.armv4l | n/a | n/a | mirai opendir
http://196.251.116.198/bins/mynode.armv5l | 94f26fc412ef1fe3883be76a13c7f025c3b8d5db3114b801564422ace9de12c2 | Mirai | mirai opendir
http://196.251.116.198/bins/mynode.armv6l | 66250f64756a62335ffb8e834b460a9752370c906241d940997b77228fb41c68 | Mirai | mirai opendir
http://196.251.116.198/bins/mynode.armv7l | 7bc76a9ac70a4f20ddaed6d5052f302cb5f9ba7f3a86dee55df2798982f51981 | Mirai | mirai opendir
http://196.251.116.198/bins/mynode.sh4 | 55bd799a8f8a4beb6fe4ff95c4142bfa721d3f889585216d32554fdd9ffaf24e | Gafgyt | gafgyt mirai opendir
http://196.251.116.198/bins/mynode.x86_64 | n/a | n/a | mirai opendir

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-10-06T16:11:00Z UTC
Last seen: 2025-10-06T16:24:00Z UTC
Hits: ~10
Status: terminated
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-06 18:41:37 UTC
File Type: Text (Shell)
AV detection: 16 of 37 (43.24%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6a97f3a751537ece2eb9aee0b809042a3445e87f81700044cc21bba210b53059

(this sample)

  
Delivery method: Distributed via web download
