MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99ec0e5a73529d9bc0ee7c385e46c802a2f94be1dabdc2aa954f2ba8de2b4d58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 99ec0e5a73529d9bc0ee7c385e46c802a2f94be1dabdc2aa954f2ba8de2b4d58
SHA3-384 hash: 1cb3fdb51c6e2bb54fd9d8022856f5451f677e353b29230a6fe838cbb0dc5369e07bdb6973ada6f8849dea019ae01e33
SHA1 hash: f880cd67abafc6a22a96efeb4b49e38aef2fbb6d
MD5 hash: 363b3d42d09ab34082f195b01c743c84
humanhash: apart-red-zebra-river
File name: massload
Signature: Mirai
File size: 3'042 bytes
First seen: 2026-07-02 23:02:02 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:rMpzaC56ZLaQRN9ahHJHCzXXaejrNZ3dt2TOti:r8+s6bhdri
TLSH: T19951F8AC55611A774112FFB2B4118B2E35BFADC512A36B1C939D36AACC6C804F93C5C6
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 47
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2026-07-02 23:05:42 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Reads process memory
Enumerates running processes
File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 99ec0e5a73529d9bc0ee7c385e46c802a2f94be1dabdc2aa954f2ba8de2b4d58

(this sample)

  
Delivery method: Distributed via web download
