MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6aee9f447e722760722a7d3cdab34e1002cd0af9edbd28d946dc2dfd6d466570. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 6aee9f447e722760722a7d3cdab34e1002cd0af9edbd28d946dc2dfd6d466570
SHA3-384 hash: 4f0bb129b12a1ebd80e293de4f5b8d5b662df8f3b4108ca8e55699d8d145e60dcff5ad064948f579baf1391b736ea7bf
SHA1 hash: bbc82e79ccd81a15ca8169519cf96e3e7255b908
MD5 hash: 61da9037b76a208851f4f22a70c162f0
humanhash: berlin-cup-nitrogen-lactose
File name: sky.sh
Signature: Mirai
File size: 295 bytes
First seen: 2025-07-19 10:50:44 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hTnnID91/UpWVhenZ7NXordMJT7mOJu4ryOBLj:VnIPTCJSBkTqgluOBLj
TLSH: T1AEE02B44D08300BB30738D2DE2F7060C71005E0B04050F2EBC4DE03A4B38C9470716C7
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Script-Shell.Downloader.MiraiB
Threat name: Script-Shell.Downloader.MiraiB
Status: Malicious
First seen: 2025-07-19 10:51:25 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet defense_evasion linux
Behaviour
Changes its process name
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Traces itself
Mirai
Mirai family
Malware Config
C2 Extraction: phubotnet.duckdns.org
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6aee9f447e722760722a7d3cdab34e1002cd0af9edbd28d946dc2dfd6d466570

(this sample)

  
Delivery method: Distributed via web download
