MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcd340e7466ec0198ad202bff359e50478caead3b7ac00995bc54ecb2bfda280. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: bcd340e7466ec0198ad202bff359e50478caead3b7ac00995bc54ecb2bfda280
SHA3-384 hash: d37612d90b206a306228b875303347be04c7a9267397ac3730c56bbdc8b3262f638b218fae92e7e6b7392bf5970881a4
SHA1 hash: 6357c24961c4fb1513d1a494f70e7d6195b6b0da
MD5 hash: f2273c183e5ed9b55ba356cd492e1040
humanhash: echo-pennsylvania-arkansas-violet
File name: test.sh
Signature: Mirai
File size: 2'281 bytes
First seen: 2025-11-23 10:10:30 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:s8uI8DlDz7L8kPaJ8fzV86QIU86w6W8WzWZp8N18pSM8Y1s82Or85zP:sY8LceVArPWcYDMPs6rAP
TLSH: T1EA412EDD77B270B16C61AD32657A4404B0A1E4D5A2C0AE967CCC3AF2C0CDE5472B1BAF
Magika: csv
Reporter: abuse_ch
Tags: mirai sh
IOCs (URL, malware sample SHA256 hash, signature, tags):

URL                                     Malware sample (SHA256 hash)                                      Signature  Tags
http://netrip.ddns.net/systemcl/arm     3e98eef752fb14582bfd0f70e00ae5f1b2e7ccb06b32597053c6ad8f0e591dae  Mirai      elf mirai
http://netrip.ddns.net/systemcl/arm5    15c555f6d2014a41eb89f2779f43d1fc11677f501a3219cd3aa72bd0619a2849  Mirai      elf mirai
http://netrip.ddns.net/systemcl/arm6    dfd02ed59c95575642af97a5a34c18ec7be4a61872e339720bba3286d6dbc80d  Mirai      elf mirai
http://netrip.ddns.net/systemcl/arm7    76f40915e3bbfcd021903f45af774295d1781c327addbcabb3b5bd35da28ecb6  Mirai      elf mirai
http://netrip.ddns.net/systemcl/m68k    452a0c93f439b4eeb230d8a3b2b01934b286283bdcc509cc56f09734f1b667ed  Mirai      elf mirai
http://netrip.ddns.net/systemcl/mips    a5357cb8f6566613be9393a2def399b617ef91c2bc5ead8b8c1ff0f50d3f8dd5  Mirai      elf mirai
http://netrip.ddns.net/systemcl/mpsl    a8e6f02362f973adda0cf4dcbc1c5c3809ee7477a7967287893457b8c5eb02b1  Mirai      elf mirai
http://netrip.ddns.net/systemcl/ppc     c3f7cf4b69be7bcc3f70465622a093198c73174902d8dd8dfde516f161ba4569  Mirai      elf mirai
http://netrip.ddns.net/systemcl/sh4     n/a                                                               n/a        n/a
http://netrip.ddns.net/systemcl/spc     n/a                                                               n/a        n/a
http://netrip.ddns.net/systemcl/x86     6f83f9621bd8b0e62a71359b184969f147b0046328455d84a8f20aa1a7ad0fae  Mirai      elf mirai
http://netrip.ddns.net/systemcl/x86_64  6f83f9621bd8b0e62a71359b184969f147b0046328455d84a8f20aa1a7ad0fae  Mirai      elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive medusa mirai

Verdict: Malicious
File Type: unix shell
First seen: 2025-10-21T09:07:00Z UTC
Last seen: 2025-11-23T10:29:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (sandbox process graph; the rendered image is not reproduced here, only the process and network relationships it encodes):
- /usr/bin/sudo (pid 2771) execve -> /tmp/sample.bin (pid 2779).
- /tmp/sample.bin runs the same cycle once per payload: execve /usr/bin/wget (dns, net, send-data, write-file), execve /usr/bin/curl (net, send-data, write-file), execve /usr/bin/chmod twice, clone /usr/bin/dash.
- /tmp/sample.bin then execve's the downloaded files /tmp/sh4, /tmp/spc, /tmp/x86 (net) and /tmp/x86_64 (net), and finally /usr/bin/rm (delete-file).
- Network, download stage: each wget and each curl child sends a 66 B DNS query to 10.0.2.3:53 and an HTTP request of 91 to 145 B to netrip.ddns.net:80.
- Network, payload stage: /tmp/x86 (pid 4363) and /tmp/x86_64 (pid 4588) each connect to 8.8.8.8:53 and clone two children (marked zombie); one child of each sends 42 B to 8.8.8.8:53 and then 41 B (x86) or 46 B (x86_64) to ahahahahahajs.unproxy.st:9772.
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-11 10:38:21 UTC
File Type: Text (Shell)
AV detection: 8 of 36 (22.22%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: UNK_install_script
Author: evilcel3ri
Description: Detects a suspicious behaviour in a bash installation script

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Malware family: Mirai
File type: sh
SHA256 hash: bcd340e7466ec0198ad202bff359e50478caead3b7ac00995bc54ecb2bfda280 (this sample)

Comments