MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 770db614b0e7b3cd571f12eb94bc8b06c7c151f37c4ecc41656476bbb4d3084e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 770db614b0e7b3cd571f12eb94bc8b06c7c151f37c4ecc41656476bbb4d3084e
SHA3-384 hash: 8128f3482d4b3533df4df30ceb48847c33b14b82155eea512a9e16cf7f181356ee04dfdfc1096024562d6e886bfce1ef
SHA1 hash: 6ec536fa006254cfe7c1a10b096832e29b030c43
MD5 hash: 44f4dafb99216514a2d1476e4303f59f
humanhash: washington-berlin-bulldog-victor
File name: lil
Signature: Mirai
File size: 848 bytes
First seen: 2026-07-03 01:59:52 UTC
Last seen: 2026-07-03 13:15:23 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 24:kXCKysE2hi0ziQvZohaIjSIFD/X5yjVq9NOX:e9Qp+MsI2IFD/XExqNOX
TLSH T1E901C2C68650BD4080AADA1D25976458F861C3CF16468F74FF6C6D7DEBA8C04B027F98
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 70
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: downloader evasive mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-07-02T23:10:00Z UTC
Last seen: 2026-07-04T18:52:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Document-HTML.Trojan.Bash
Status: Malicious
First seen: 2026-07-03 02:01:04 UTC
File Type: Text (Shell)
AV detection: 11 of 23 (47.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery linux
Behaviour: Reads runtime system information
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
