MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77a700c719730e7aa8d3e446322b76e4df10d13e3aa7130c37f825c8cb4c824a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 77a700c719730e7aa8d3e446322b76e4df10d13e3aa7130c37f825c8cb4c824a
SHA3-384 hash: 1baa0d5eec66921dd1d42e56efa1f9025c9f074532e64d6b7312a7f2c1150fa5d6b01e07b2319c6a10828cd12ae33534
SHA1 hash: da7436e427d7031763cc6cce01db087ab6e8b4e9
MD5 hash: c60c9024519c6abf8c480e958a50ca31
humanhash: arkansas-gee-ohio-july
File name: c.sh
Signature: Mirai
File size: 1'089 bytes
First seen: 2025-09-27 02:44:29 UTC
Last seen: 2025-09-29 11:25:28 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:3J3H+xxH+paLxH+JNIQQAxH+SvK2HxH+AKAxH+0HxH+MxH+n5xH+XHxH+RcAxH+I:3J3pNICKHxEKOEdn
TLSH: T15E1129F80059911A2A186F11B05E85396CF7F7E6653299F1903FE423B5CB1E17B21F36
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 50
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-27T02:30:00Z UTC
Last seen: 2025-09-27T02:30:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Behavior Graph:
[Process graph: /usr/bin/sudo (pid 3323) execve /tmp/sample.bin (pid 3326); /tmp/sample.bin runs /usr/bin/curl (net send-data, 90-93 B to 213.209.143.44:80), /usr/bin/chmod (execve) and /usr/bin/dash (clone) 12 times each, then /usr/bin/rm (delete-file).]
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-09-27 02:45:24 UTC
File Type: Text
AV detection: 12 of 24 (50.00%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 77a700c719730e7aa8d3e446322b76e4df10d13e3aa7130c37f825c8cb4c824a

(this sample)

  
Delivery method
Distributed via web download
