MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5b68b594c36b0fccf3d73575ea46e820c372daf3ff295cf22a16948a5748642. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: a5b68b594c36b0fccf3d73575ea46e820c372daf3ff295cf22a16948a5748642
SHA3-384 hash: d6a7c6072cb1a840a69606ee2f6f05e2caf21fc455aa946d8649effcc177d6bf2b20d92dee06ed3f1b8e3455ee389533
SHA1 hash: 96430b92f58cc5255990997d379eeb6453f5e6bb
MD5 hash: e0f77678dc02f1388ff330d31c1eefab
humanhash: winter-saturn-cup-quiet
File name: c.sh
Signature: Mirai
File size: 970 bytes
First seen: 2026-06-02 00:41:37 UTC
Last seen: 2026-06-02 13:44:34 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:3J3j9SqViWQj95BqQj95NI3PAQj9iIKqlEHQj9zQj9NLqQj908ZQj92DQj9+jdKX:3J3gqSNIpKq8L3PYgloB0m98yHR
TLSH: T12111BF8D021293A61D0D8E4CB05AD40DEBE2C1F8F9B4ADD0B0F44734B49B70A7188BB7
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 57
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
File Type: unix shell
First seen: 2026-06-01T22:03:00Z UTC
Last seen: 2026-06-03T04:26:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl

Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Qwexlafiba
Status: Malicious
First seen: 2026-06-02 00:42:50 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
