MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc4f5f4e9790f788cca8528776368c49fb0f164560a3a158379bc3231d33f8b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: bc4f5f4e9790f788cca8528776368c49fb0f164560a3a158379bc3231d33f8b6
SHA3-384 hash: 1aab8095f84bb073775bad2c62b213ddbb1871ddcc575be411b44b87bdaeeff823ff68de4462278c9a402b84eb83978c
SHA1 hash: 79591a431318bd8b80b74d78d6e94e26a73aa452
MD5 hash: 08b705e696939bf7d74df37ee391e7eb
humanhash: nevada-don-nitrogen-connecticut
File name: w.sh
Signature: Mirai
File size: 919 bytes
First seen: 2025-10-13 05:21:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:110RL10oYEm10ZNIl5Y10C0LKm110E+Oba10pjMk10jT5110sSOk10NtD10Sk10K:yYEPNI7BKM+MjCTTlZtD7CR
TLSH: T19E1121FE3271722A4E488F64606584AD907699D031418FEEDC8D08F2F9E5D267727EBC
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 41
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai
Status: terminated

Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-10-12 12:48:25 UTC
File Type: Text (Shell)
AV detection: 14 of 36 (38.89%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
