MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aaeeb76708cc17800c88ede8c74853cfb195a744f15295e55d513eb69a95fa1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: aaeeb76708cc17800c88ede8c74853cfb195a744f15295e55d513eb69a95fa1f
SHA3-384 hash: 894e0fc88bb494f564835a88fb8014221484923dc4f53e771b24373ba396a842dd98c0ba424958fc19a7aaa33f683cc2
SHA1 hash: f163429134c79bc2e2958f39e6daf545b955f5aa
MD5 hash: 48e6a68101bd29fccca08617e21fd78e
humanhash: sink-montana-berlin-jupiter
File name: pen.sh
Signature: Mirai
File size: 2'463 bytes
First seen: 2025-10-06 08:13:39 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:ItVu51shqYksgFBkUEaJ1s0RLnQaL33qkssn03cJpq1qX8ht:iVu5uhqYJgsUEASSEaL3aJw03cJEoMht
TLSH T17E5143CE11915572ACA6DE2EF3FB8944F394908234D27E5894D93FF98C8DD4AB084B43
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-10-02T08:49:00Z UTC
Last seen: 2025-10-06T10:22:00Z UTC
Hits: ~10
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-10-02 11:43:31 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh aaeeb76708cc17800c88ede8c74853cfb195a744f15295e55d513eb69a95fa1f

(this sample)

  
Delivery method: Distributed via web download

Comments