MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b667660b93a83995f854d31d089471007af897e85b00f6c57921928f5e99a77b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6

SHA256 hash: b667660b93a83995f854d31d089471007af897e85b00f6c57921928f5e99a77b
SHA3-384 hash: 848461edca8759e463c231a5ed05785788112a6a6ea575672d23c7a38893e7242fdd075f7be40264285ea2fd2ec1b1e8
SHA1 hash: cacc8feef93860d30026c7638be82fbb67f47b33
MD5 hash: a3fd8daf4b43f8d3f97c22a6395795d7
humanhash: comet-mobile-muppet-hot
File name: ipcam.tplink.sh
Signature: Mirai
File size: 714 bytes
First seen: 2025-08-23 00:50:37 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:7pzc8VhRzcXWz4VhKZzcXTmLVhKYhzcqaIaVhEzcMVhY0zc5MaVhqVu:l7VhBuVheFVhzx7MVhonVhY4wVhqVu
TLSH: T142015E8B541DB60AB5F8DA42741A4B109F0D9187ECD01FA0D9CD3CB8D78CC24F8E5546
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://196.251.69.194/kitty.arm | 824235df77016d1aad750a9f52919f521f7354f124a9d710d4a3c98d4b64615f | Ngioweb | elf mirai Ngioweb ua-wget
http://196.251.69.194/kitty.mips | n/a | n/a | elf mirai ua-wget
http://196.251.69.194/kitty.mipsel | cb93ba4bdeca9b98b820e6a54f5ce7259c6dea673d8ee2b92e88d39f70efb8ea | Mirai | elf mirai ua-wget
http://196.251.69.194/kitty.aarch64 | 1a930b4aa7c5f6e140466a8309037bf5def5614f7ed514bd9010868b8f51710b | Tsunami | elf mirai Tsunami ua-wget
http://196.251.69.194/kitty.x86 | f9f93bed6018700b5d961c16acd4bff913c697831df29fa1d91dafcdd50686ec | Mirai | elf mirai ua-wget
http://196.251.69.194/kitty.x86_64 | n/a | n/a | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 24
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-08-22T22:01:00Z UTC
Last seen: 2025-08-22T22:01:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph: rendered process graph not reproduced here. In the sandbox run, /tmp/sample.bin repeatedly spawned wget, chmod, dash and rm, then executed the downloaded /tmp/kitty.x86 and /tmp/kitty.x86_64 from /tmp, each of which made outbound network connections.
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Threat name: Linux.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-23 00:51:38 UTC
File Type: Text (Shell)
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download | Mirai | sh | b667660b93a83995f854d31d089471007af897e85b00f6c57921928f5e99a77b (this sample)

Delivery method: Distributed via web download
