MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e7ffbbb1a029da5a7e688ced7ed352423d072109bfdc225af1f3de28fcf0a58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7



SHA256 hash: 7e7ffbbb1a029da5a7e688ced7ed352423d072109bfdc225af1f3de28fcf0a58
SHA3-384 hash: 6e99b2f04422f7bbe0a1fa416c0585b35a3014aebe8ad6cc458608283945424e2a888656ba70ae16c9f4db2d155c96c2
SHA1 hash: bf80d691e5644725fe56a4f0ea6a083ec9963082
MD5 hash: 92168006c0bbea186d4ddc0abc6da286
humanhash: idaho-connecticut-bacon-louisiana
File name: 1.sh
Signature: Mirai
File size: 3'254 bytes
First seen: 2025-09-14 12:15:44 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:ix6jx1ZxkXxFZxjNxL1xA/x27xDZLxy/xxBxVVxAvxD4DBgJsxZBk:qyBgJp
TLSH: T1146170FA13818637ACE2C9D332AC844462A144AB58EF1FB55FDD38E51E8CEC92C41E51
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
Related URLs (URL, malware sample SHA256 hash, signature, tags):

Intelligence

File Origin
# of uploads: 1
# of downloads: 24
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-09-14T09:28:00Z UTC
Last seen: 2025-09-14T09:28:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-09-14 12:20:48 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Malware Config
C2 Extraction: xc355.bounceme.net

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic approach to shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: 7e7ffbbb1a029da5a7e688ced7ed352423d072109bfdc225af1f3de28fcf0a58 (this sample)

Delivery method: Distributed via web download

Comments