MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 770ae0b3092fd00fed8231d5d72c203305f580a0610a3bb27f3ff6192092c5ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 770ae0b3092fd00fed8231d5d72c203305f580a0610a3bb27f3ff6192092c5ae
SHA3-384 hash: 79946463a60fd516eeff9b918d4105f80560d9c83221f333036283a2784c525465f3412f8aa21b75b7c7a73bec0f0b46
SHA1 hash: 5dcde166835361f674b4cd6a67104e0f0f2b5cbe
MD5 hash: f13a0eb17dd7494225467a1d802642db
humanhash: sweet-india-delta-lamp
File name: c.sh
Signature: Mirai
File size: 810 bytes
First seen: 2025-08-21 07:52:29 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3O6l3YN8NI7IEKY9+Ic2jrOTTHl0atXr0gNsn:rY3HUI3CbM
TLSH: T13501D2DC67F271532B48DD64E06980DC953294D032D80F6AD8562CF6C8E93017175E7B
Magika: txt
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-08-21 06:35:39 UTC
File Type: Text (Shell)
AV detection: 16 of 38 (42.11%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai sh 770ae0b3092fd00fed8231d5d72c203305f580a0610a3bb27f3ff6192092c5ae (this sample)

Delivery method: Distributed via web download
