MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8053d3860c0c99de622e81f2f607c5e88b58934748f8b4bd7654a08341b730cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 8053d3860c0c99de622e81f2f607c5e88b58934748f8b4bd7654a08341b730cb
SHA3-384 hash: 92a7d63b5234d748da322c11f0e3123b3efe20d985dc5044134b43fc9bdc1dd80944e9cbbb9f1d95c971a2cc1bd09a1e
SHA1 hash: 86b7c066a538423e7a3f3fde53ba4dd48030d7ee
MD5 hash: 6426320821d84fe70207913eb12b0f54
humanhash: september-twenty-sad-aspen
File name: 1.sh
Signature: Mirai
File size: 3'344 bytes
First seen: 2025-10-23 22:00:54 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:AKHKhKuKJbKzKr9KoFKzKUKtK8fa2JKb3TKNYKFpKX:AQsF6bc091cbum2Jo3T2YWpA
TLSH: T15C619EC819764A312C95E56333FD450DF1AA7A9280C2CE46DCCBBEF9940DC48B1D9A73
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-10-23T18:27:00Z UTC
Last seen: 2025-10-24T09:17:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Multiverze
Status: Malicious
First seen: 2025-10-23 22:01:44 UTC
File Type: Text (Shell)
AV detection: 15 of 36 (41.67%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx

Behaviour
Reads runtime system information
Writes file to shm directory
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family

Malware Config
C2 Extraction: ultrauraniummirai.ddns.net
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download | Mirai | sh | 8053d3860c0c99de622e81f2f607c5e88b58934748f8b4bd7654a08341b730cb (this sample)
