MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae8b6239863cf73c99f16cc116227e99ade34bbb365c9f2d0badada374cbc2e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: ae8b6239863cf73c99f16cc116227e99ade34bbb365c9f2d0badada374cbc2e8
SHA3-384 hash: 3ffcdccc0f024b76e55c20416bfd0a0afbe39616cf7fabe46167dfc2fcf683d235eeed5763c2f28851b3543418da7a75
SHA1 hash: 53bee25e1ebf2128911ec67e143c012cffbc442e
MD5 hash: 897670098fd310db4ba41eb6aafa9793
humanhash: avocado-black-iowa-eleven
File name: 1.sh
Signature: Mirai
File size: 3'034 bytes
First seen: 2026-06-07 15:26:18 UTC
Last seen: 2026-06-08 07:41:01 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:ItcOiLcEmLc/9sLcXKLchC3LcxewxeImZLcEPPWLcMmLc32LcaP+LctmLcvQLcFK:iiLML3LvLlLDLzWL4LvLULdL3LLLgbLc
TLSH: T1965195F500B204742E52FB5BB3AAF10C73BB60953BE7698C69ECACB5434DD916C42653
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 4
# of downloads: 45
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: busybox medusa mirai

Verdict: Malicious
File Type: unix shell
First seen: 2026-06-03T06:24:00Z UTC
Last seen: 2026-06-03T07:27:00Z UTC
Hits: ~10
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-06-02 14:43:41 UTC
File Type: Text (Shell)
AV detection: 22 of 36 (61.11%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality

Family: Mirai
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
