MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a76ac3c4c9d1f7b2f0dc6f484d71303ed481b6237b45ed0526d1b6ccc7594828. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 5



SHA256 hash: a76ac3c4c9d1f7b2f0dc6f484d71303ed481b6237b45ed0526d1b6ccc7594828
SHA3-384 hash: bd6d27c6f0995a813f5a63df7c63339ffa6d2a9e417abe56d9adf76e7b2ab7eb6c485adf0cb79419cb3591cc4e28c253
SHA1 hash: 6dc6f12fe975ae9f4c16d28f21f81565c1198609
MD5 hash: 4533fc596d8737fbf806db837c26169d
humanhash: nebraska-echo-black-kitten
File name: tvt.sh
Download: download sample
Signature: Mirai
File size: 609 bytes
First seen: 2025-07-03 11:51:01 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:bIbXPD3pIowVPDN+/I/PN7nifFPDC0PDE7YKz2LYKzM2YKztYKz1:0Lp+V5+/I/V7n2vczmzMQzVz1
TLSH: T169F0ADBBF028C892A8070D1E31C6C238B4DBC6B40AD7BF48EC8F9925D58C61D7422B5C
Magika: shell
Reporter: abuse_ch
Tags: sh
URL                              | Malware sample (SHA256 hash)                                     | Signature | Tags
http://154.205.133.58/skid.arm   | 4c72b3a3e372704eb64e1f0e9ebd021902928fa8c6df47e15a347fa682d48916 | Mirai     | elf mirai ua-wget
http://154.205.133.58/skid.arm5  | 495ce809e735ffcdf61aee835d0dc9201ef56aa045252cfa3e7029aac8a0b891 | Mirai     | elf mirai ua-wget
http://154.205.133.58/skid.arm6  | n/a                                                              | n/a       | n/a
http://154.205.133.58/skid.arm7  | cac1f84aafd6f3b5d144e2bdad81f759d12515d73fac77cb8ac09678f2c28f52 | Mirai     | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 20
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior graph (process tree recovered from the flattened Graphviz dump; the word before each arrow is the syscall that created the child, bracketed words are the node's attributes, and network edges give the bytes sent):

pid 2415 /usr/bin/sudo
  execve -> pid 2419 /tmp/sample.bin
    execve -> pid 2420 /usr/bin/rm
    execve -> pid 2422 /usr/bin/wget [net send-data write-file]  -> 154.205.133.58:80, send 137B
    execve -> pid 2430 /usr/bin/chmod
    clone  -> pid 2431 /usr/bin/dash
    execve -> pid 2433 /usr/bin/rm
    execve -> pid 2435 /usr/bin/wget [net send-data write-file]  -> 154.205.133.58:80, send 138B
    execve -> pid 2443 /usr/bin/chmod
    clone  -> pid 2445 /usr/bin/dash
    execve -> pid 2448 /usr/bin/rm
    execve -> pid 2450 /usr/bin/wget [net send-data]  -> 154.205.133.58:80, send 138B
    execve -> pid 2459 /usr/bin/chmod
    execve -> pid 2460 /tmp/qrtrhvcw
    execve -> pid 2464 /usr/bin/rm
    execve -> pid 2466 /usr/bin/wget [net send-data write-file]  -> 154.205.133.58:80, send 138B
    execve -> pid 2474 /usr/bin/chmod
    clone  -> pid 2475 /usr/bin/dash
    execve -> pid 2478 /usr/bin/mount
    execve -> pid 2480 /usr/bin/mount
    execve -> pid 2481 /usr/bin/mount
    execve -> pid 2483 /usr/bin/mount

Reading of the graph: the script runs four rm / wget / chmod / execute rounds, and every wget talks to 154.205.133.58:80, the same host as the four skid.arm* URLs listed above. Three rounds end with a forked child shell (clone of /usr/bin/dash); the third round instead execve's /tmp/qrtrhvcw directly, a file that did not exist before the script ran. The run ends with four mount invocations.
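The behaviour graph on this page is only a flattened Graphviz dump, and the same dump format is what you get when you scrape such sandbox pages in bulk. As an added example that is not part of the MalwareBazaar page, its vendor tooling, or the sample, the Python below parses that token format into a process tree plus network edges and then flags the wget -> chmod -> execute rounds that characterise this kind of Mirai downloader. The embedded GRAPH_DUMP is constructed from the page's own graph text, shortened to two of the four rounds; the regular expressions, function names and the "round" heuristic are my own assumptions inferred from the text on this page, not a documented format.

```python
import re
from collections import defaultdict

# Constructed excerpt of the sandbox behaviour-graph dump shown on this page
# (same token format; two of the four download rounds, the network node and
# two of its edges). Not the complete dump.
GRAPH_DUMP = (
    "%3 guuid=83aaa64d-1a00-0000-05f4-b5b36f090000 pid=2415 /usr/bin/sudo "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419 /tmp/sample.bin "
    "guuid=83aaa64d-1a00-0000-05f4-b5b36f090000 pid=2415->"
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419 execve "
    "guuid=e4ffa04f-1a00-0000-05f4-b5b374090000 pid=2420 /usr/bin/rm "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=e4ffa04f-1a00-0000-05f4-b5b374090000 pid=2420 execve "
    "guuid=fc5bed4f-1a00-0000-05f4-b5b376090000 pid=2422 /usr/bin/wget net send-data write-file "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=fc5bed4f-1a00-0000-05f4-b5b376090000 pid=2422 execve "
    "guuid=8d24f552-1a00-0000-05f4-b5b37e090000 pid=2430 /usr/bin/chmod "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=8d24f552-1a00-0000-05f4-b5b37e090000 pid=2430 execve "
    "guuid=70be2e53-1a00-0000-05f4-b5b37f090000 pid=2431 /usr/bin/dash "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=70be2e53-1a00-0000-05f4-b5b37f090000 pid=2431 clone "
    "guuid=64014459-1a00-0000-05f4-b5b390090000 pid=2448 /usr/bin/rm "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=64014459-1a00-0000-05f4-b5b390090000 pid=2448 execve "
    "guuid=13578659-1a00-0000-05f4-b5b392090000 pid=2450 /usr/bin/wget net send-data "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=13578659-1a00-0000-05f4-b5b392090000 pid=2450 execve "
    "guuid=bf66cd5c-1a00-0000-05f4-b5b39b090000 pid=2459 /usr/bin/chmod "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=bf66cd5c-1a00-0000-05f4-b5b39b090000 pid=2459 execve "
    "guuid=0a74175d-1a00-0000-05f4-b5b39c090000 pid=2460 /tmp/qrtrhvcw "
    "guuid=b8f0704f-1a00-0000-05f4-b5b373090000 pid=2419->"
    "guuid=0a74175d-1a00-0000-05f4-b5b39c090000 pid=2460 execve "
    "a6b092b1-7e1c-56ee-bf44-eccdde92b493 154.205.133.58:80 "
    "guuid=fc5bed4f-1a00-0000-05f4-b5b376090000 pid=2422->"
    "a6b092b1-7e1c-56ee-bf44-eccdde92b493 send: 137B "
    "guuid=13578659-1a00-0000-05f4-b5b392090000 pid=2450->"
    "a6b092b1-7e1c-56ee-bf44-eccdde92b493 send: 138B"
)

UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
# Process node: guuid=<id> pid=<n> </path> followed by optional attribute words.
NODE_RE = re.compile(rf"guuid=({UUID}) pid=(\d+) (/\S+)((?: (?:net|send-data|write-file))*)")
# Process edge: parent->child, labelled with the syscall that created the child.
EDGE_RE = re.compile(rf"guuid={UUID} pid=(\d+)->guuid={UUID} pid=(\d+) (execve|clone)")
# Network node: a bare uuid (not preceded by 'guuid=' or '->') then ip:port.
NET_NODE_RE = re.compile(rf"(?<![=>-])({UUID}) (\d+\.\d+\.\d+\.\d+):(\d+)")
# Network edge: process -> network node with the byte count sent.
NET_EDGE_RE = re.compile(rf"guuid={UUID} pid=(\d+)->({UUID}) send: (\d+)B")


def parse_graph(dump):
    """Return ({pid: process dict}, {(pid, 'ip:port'): bytes_sent})."""
    procs = {}
    for m in NODE_RE.finditer(dump):
        procs[int(m.group(2))] = {"path": m.group(3), "attrs": set(m.group(4).split()),
                                  "parent": None, "action": None, "children": []}
    for m in EDGE_RE.finditer(dump):
        parent, child, action = int(m.group(1)), int(m.group(2)), m.group(3)
        procs[child]["parent"], procs[child]["action"] = parent, action
        procs[parent]["children"].append(child)
    endpoints = {m.group(1): f"{m.group(2)}:{m.group(3)}" for m in NET_NODE_RE.finditer(dump)}
    sends = defaultdict(int)
    for m in NET_EDGE_RE.finditer(dump):
        sends[(int(m.group(1)), endpoints[m.group(2)])] += int(m.group(3))
    return procs, dict(sends)


def find_dropper_rounds(procs):
    """Walk each parent's children in pid order and collect wget -> chmod ->
    execute triples. The execute step is either a forked child shell (clone)
    or an execve of a path under /tmp, which is what this page's graph shows."""
    rounds = []
    for p in procs.values():
        stage, wget_pid, chmod_pid = 0, None, None
        for c in sorted(p["children"]):
            k = procs[c]
            base = k["path"].rsplit("/", 1)[-1]
            if base == "wget":
                stage, wget_pid = 1, c
            elif base == "chmod" and stage == 1:
                stage, chmod_pid = 2, c
            elif stage == 2 and (k["action"] == "clone" or k["path"].startswith("/tmp/")):
                rounds.append((wget_pid, chmod_pid, c, k["path"]))
                stage = 0
    return rounds


def summarize(dump):
    """Triage summary: number of download rounds, paths executed from /tmp,
    remote endpoints contacted and total bytes sent to them."""
    procs, sends = parse_graph(dump)
    rounds = find_dropper_rounds(procs)
    return {
        "rounds": len(rounds),
        "dropped": sorted({r[3] for r in rounds if r[3].startswith("/tmp/")}),
        "remote": sorted({ep for _, ep in sends}),
        "bytes_sent": sum(sends.values()),
    }


if __name__ == "__main__":
    print(summarize(GRAPH_DUMP))
```

On the excerpt this reports two rounds, one path executed from /tmp (/tmp/qrtrhvcw), a single endpoint 154.205.133.58:80 and 275 bytes sent; on the full dump from the page the same code counts four rounds. The endpoint list is the piece worth feeding into blocking, since it ties the sandbox network activity back to the URL table at the top of the entry.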
Threat name: Document-HTML.Trojan.Multiverze
Status: Malicious
First seen: 2025-07-03 11:37:41 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: credential_access defense_evasion discovery linux
Behaviour:
  Reads runtime system information
  Writes file to tmp directory
  Changes its process name
  Reads process memory
  File and Directory Permissions Modification
  Executes dropped EXE
  Renames itself
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Web download
Signature: Mirai
Sample: sh a76ac3c4c9d1f7b2f0dc6f484d71303ed481b6237b45ed0526d1b6ccc7594828 (this sample)

Delivery method: Distributed via web download

Comments