MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aac2916d0dc593e4ac95de8adcda302b8c8aadfa5b4c2cc0c57d4d07dd2e64c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: aac2916d0dc593e4ac95de8adcda302b8c8aadfa5b4c2cc0c57d4d07dd2e64c6
SHA3-384 hash: 39700cde467adee6e5cefd3718ac52c8484c78c82b93f5fc8bc53667fe695f80df3a3cd5216248a2b6537d6fb7612bca
SHA1 hash: c0a72a75943b27f6dcf90a003931eab3ff1d54a1
MD5 hash: a3fc49a1d158ab136a5f1860ea93d8be
humanhash: comet-kentucky-oxygen-oklahoma
File name: c.sh
Signature: Mirai
File size: 706 bytes
First seen: 2025-06-25 19:10:40 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3b574eC5tNIl5K5e0LKcC5RDOy559C5r95YSK5JtM5N5r755Djv:3J3bllCDNI7KjKBHzrEF9WVvtMXJ7Xjv
TLSH: T13301F8CC646596C3162DDE10F367C66F5401E9C5A2E00E69E1560CF59CDE3202E777E7
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 104
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 96.5%
Tags: mirai agent virus html

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin remote
Status: terminated

Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-06-25 18:10:28 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh aac2916d0dc593e4ac95de8adcda302b8c8aadfa5b4c2cc0c57d4d07dd2e64c6

(this sample)
