MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf35d7b55839426e06de89b4ca4b96c345915d10ea626ea86e0c22ce75e98d76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9


SHA256 hash: bf35d7b55839426e06de89b4ca4b96c345915d10ea626ea86e0c22ce75e98d76
SHA3-384 hash: 0f57e240064864dbbb87b9ed26c980f8d155c83f3f47eacb5367ea1425cc69b0139f9e29627d46454bbf4390716fe1c8
SHA1 hash: 893442be9e80a41ed290f7048f9375831c141ba0
MD5 hash: ec5c7b4c40f63df2f4076a169a7dc285
humanhash: orange-delaware-sweet-utah
File name: o
Signature: Mirai
File size: 2'466 bytes
First seen: 2026-01-28 19:15:08 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vj3r3rj3x37j3w3Xj3a3rbj3n3fj3Ah3AuJj3sQ3suj3Y3Nfj3M3Vg2j3W63W0/y:vTbrTx7T6XT0rbT3fT4rTHLTiNfT2Vgh
TLSH: T10E5178D92372497B1D34EA9BE66AC44CE261E5DF0B9E6F5428DC28B840CCE1A5001D7B
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 91
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Result
Gathering data
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-27T02:01:00Z UTC
Last seen: 2026-01-27T02:23:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph: (rendered process graph not reproduced)
Threat name: Linux.Trojan.Medusa
Status: Malicious
First seen: 2026-01-28 19:15:38 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:owari antivm botnet defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Unexpected DNS network traffic destination
Mirai
Mirai family
Malware Config
C2 Extraction: sophos1997.camdvr.org
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Mirai
  sh bf35d7b55839426e06de89b4ca4b96c345915d10ea626ea86e0c22ce75e98d76 (this sample)

Delivery method: Distributed via web download

Comments