MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fb12cadd426f5a3559ef0bd846559c539fea7e7fa4b79424214247e51fa65a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai
Vendor detections: 7



SHA256 hash: 9fb12cadd426f5a3559ef0bd846559c539fea7e7fa4b79424214247e51fa65a2
SHA3-384 hash: 0180f58cd7eed5c948ca8be0ab87d7f17324573920466c6a056ae063780e23435fc8b2aa254ef242fdfcba42c2fae91c
SHA1 hash: 1852cafec7f1ea6df95b2362bf2fd2718d079857
MD5 hash: a6c39dbf9e99d90f758fc41ef381f8e1
humanhash: asparagus-xray-august-hydrogen
File name: 1.sh
Signature: Mirai
File size: 6'389 bytes
First seen: 2025-09-15 15:04:03 UTC
Last seen: 2025-09-16 13:50:21 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 192:6V3mBH6OBq2jp83dOC12i0k7s4AgnAMNPOZvNPOZvoofIkXNwDpSGpiekUr8orx8:6V3mBH6OBq2jp83dOC12i0k7s4AgnAMN
TLSH: T1BED146F2B4C6527CDE9FCC3AA1512ABD1086B98B5A4B4D6447EE34667C8AFCC1C409C3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
IOCs (URL, malware sample SHA256 hash, signature, tags):

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 43
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File type: unix shell
First seen: 2025-09-15T12:08:00Z UTC
Last seen: 2025-09-15T12:08:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-09-15 15:04:44 UTC
File type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 2/5

Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux

Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
Sample: 9fb12cadd426f5a3559ef0bd846559c539fea7e7fa4b79424214247e51fa65a2 (this sample)

Delivery method: Distributed via web download

Comments