MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99dc60b7622cec9c8d910a9ab021b40002cce78053066a0e92343727b022e6fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 4

SHA256 hash: 99dc60b7622cec9c8d910a9ab021b40002cce78053066a0e92343727b022e6fd
SHA3-384 hash: fef9b816babeb3ff6b271616dcf778e6f89ea7196f95c833919bb7b42aae93b95a13372493863c6bbedd56c137dcbc0a
SHA1 hash: 749f58b1b90dbd86f456cd27659dfa03c26a61c4
MD5 hash: 520b74376800f81c5944702058d3d4dc
humanhash: paris-oven-neptune-enemy
File name: o.xml
Signature: Mirai
File size: 735 bytes
First seen: 2025-07-15 09:12:55 UTC
Last seen: 2025-07-15 22:07:06 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:FH8ioNJAC7ukxGWi2jU30+0K5+A+MjRWUbM1UbeBc5ZhG+E6:FH8j/wWi2jz80UY1U6u
TLSH: T11601266DA1A8DA5204B5C5CBB6F04506C04180CFA2AF57E9F28E092A6F68C4E345330C
Magika: xml
Reporter: abuse_ch
Tags: sh
IOCs (URL found in this sample and the payload it references)
URL: http://194.26.192.12/bins/morte.x86
Malware sample (SHA256 hash): 6b89288f82c10313cc04d6801994f61ae0f454a8e49ae902416549475d22563e
Signature: Mirai
Tags: mirai opendir

Intelligence


File Origin
# of uploads: 2
# of downloads: 28
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph (process tree reconstructed from the sandbox graph; sandbox-internal guuids omitted, pids, paths, behaviour labels and network endpoints kept):

pid 4482 /usr/bin/sudo
  execve -> pid 4488 /tmp/sample.bin
    clone  -> pid 4490 /usr/bin/dash
    clone  -> pid 4491 /usr/bin/dash
    execve -> pid 4492 /usr/bin/curl [net, send-data, write-file] -> 194.26.192.12:80 (send: 91B)
    execve -> pid 4502 /usr/bin/wget [net, send-data, write-file] -> 194.26.192.12:80 (send: 142B)
    execve -> pid 4526 /usr/bin/chmod
    execve -> pid 4527 /home/sandbox/morte.x86 [net] -> 8.8.8.8:53 (con)
      clone -> pid 4528 /home/sandbox/morte.x86
        clone -> pid 4530 /home/sandbox/morte.x86 [write-config, zombie]
          execve -> pid 4552 /usr/bin/dash
            execve -> pid 4555 /usr/bin/cp
          clone  -> pid 4567 /home/sandbox/morte.x86 [delete-file, dns, net, send-data]
                    -> 8.8.8.8:53 (send: 35B)
                    -> vipcncnetwork.com:12121 (send: 26B)
Verdict: Malicious
Threat: Script-JS.Downloader.Heuristic
Threat name: Script-JS.Downloader.Heuristic
Status: Malicious
First seen: 2025-07-15 09:15:18 UTC
File Type: Text
AV detection: 3 of 37 (8.11%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: 99dc60b7622cec9c8d910a9ab021b40002cce78053066a0e92343727b022e6fd (this sample)

Delivery method: Distributed via web download

Comments