MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c52388b7e1e6f1b0e0d5bf2b32abbad070d39706f62d4babf08d7ff78855943d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c52388b7e1e6f1b0e0d5bf2b32abbad070d39706f62d4babf08d7ff78855943d
SHA3-384 hash: d537bef6f511650c231d0338b60ab022cee4f1cedcc6026d481be40c1438f15fd8701173d2289affdaff37fd8bea8ba9
SHA1 hash: 211429c782f8abdea06776233e8de544ae1f4a53
MD5 hash: 18a56578587aaed676f8fc4d6ab7d88f
humanhash: november-gee-arkansas-maine
File name:1.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:3'344 bytes
First seen:2025-07-02 05:04:06 UTC
Last seen:2025-07-03 12:22:06 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 24:Itf9tZsf2Kbhfrrkfq2lffAsmsfMwTfOaOGgJfF16f04nLf4a4NIpKksf+yMEfAx:i+/U7Vp2b1GFL6J/NMOzBgJsFk
TLSH T1196185FA13424537DCAADEE331A88444B145809FA8CE5FB55BED29F50E4CEC9AC41E92
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.87.245/00101010101001/morte.x864fef063a9f02ba436aa8231ae6e68833cc7007d4acd4c911b0742fc6edb7f3e0 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.mipsa81cd95a99e545fa8df1f913d95d4609dcae0c7933e1b5012a728b9ea9f4e46c Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arc475367b6e70877052c1d83cb21a6542e9e023667e8a669b3983a9f7c70febacb Miraimirai opendir
http://196.251.87.245/00101010101001/morte.i468n/an/an/a
http://196.251.87.245/00101010101001/morte.i686502887af7e3bae97358328e359486004ac2e72a31500b26fb98b6a672d75fef9 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.x86_645f40e73a84e77e83a454da3ee487429836e3bdec4ceffc19d0d26c4901a911dd Miraimirai opendir
http://196.251.87.245/00101010101001/morte.mpslf4d2edf5cb22fd836842fb0c277395557f3a1329cc90c280cc12839c3e6fd72c Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm0e1c862fb7b3927bbf3f71b5c83949151be2dfedd584eb482c173ce2e851dd3f Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm5a67885abc3a05d82c9083e3df77c227e91f38aa242bc9988caf35b3a447ca596 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm661dfc5c73839259cb55254701e29c43307b89acaecf4c14b51be5d209ce80d5b Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm795d5407a92ac4b36ed3d0f10b3fb494fed6ae21491b9f5fce152b85b78fb2e12 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.ppc437732d5bde3a06c54a001342f0ad3735088bc10d3aaeb69d038520c3a00a9db Miraimirai opendir
http://196.251.87.245/00101010101001/morte.spcb98844c282ecfff203dabee396106d9726de54c4821bd35208239f7621d774b9 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.m68k7c5e6035418ce9f52bdb00eaff5e23d3d7a41f7a75554249c6cf6e44ce34ae3f Miraimirai opendir
http://196.251.87.245/00101010101001/morte.sh4e0fadfca7d4f0704722720c739c817d05fa639fdbb6edbd961d0083f73342c80 Miraimirai opendir

Intelligence

File Origin
# of uploads :
2
# of downloads :
12
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6864bdd6c9eb974737654c99linux22vpnfull_triage
Tags:
downloader phishing trojan agent
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/95119d1a-b006-4892-9691-8a9f82c43c22
Behavior Graph:
Download SVG
%3 guuid=2898f849-1900-0000-6dc0-2c26660c0000 pid=3174 /usr/bin/sudo guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176 /tmp/sample.bin guuid=2898f849-1900-0000-6dc0-2c26660c0000 pid=3174->guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176 execve guuid=02f9c84c-1900-0000-6dc0-2c26690c0000 pid=3177 /usr/bin/cp guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=02f9c84c-1900-0000-6dc0-2c26690c0000 pid=3177 execve guuid=7b457652-1900-0000-6dc0-2c26780c0000 pid=3192 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=7b457652-1900-0000-6dc0-2c26780c0000 pid=3192 execve guuid=1da18f57-1900-0000-6dc0-2c26850c0000 pid=3205 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=1da18f57-1900-0000-6dc0-2c26850c0000 pid=3205 execve guuid=ad2cd864-1900-0000-6dc0-2c268f0c0000 pid=3215 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=ad2cd864-1900-0000-6dc0-2c268f0c0000 pid=3215 execve guuid=67935565-1900-0000-6dc0-2c26900c0000 pid=3216 /tmp/morte.x86 net guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=67935565-1900-0000-6dc0-2c26900c0000 pid=3216 execve guuid=50378c66-1900-0000-6dc0-2c26940c0000 pid=3220 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=50378c66-1900-0000-6dc0-2c26940c0000 pid=3220 execve guuid=0c06e167-1900-0000-6dc0-2c26950c0000 pid=3221 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=0c06e167-1900-0000-6dc0-2c26950c0000 pid=3221 execve guuid=958d0b6d-1900-0000-6dc0-2c26960c0000 pid=3222 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=958d0b6d-1900-0000-6dc0-2c26960c0000 pid=3222 execve guuid=23f56774-1900-0000-6dc0-2c269b0c0000 pid=3227 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=23f56774-1900-0000-6dc0-2c269b0c0000 pid=3227 execve guuid=b523ab74-1900-0000-6dc0-2c269d0c0000 pid=3229 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=b523ab74-1900-0000-6dc0-2c269d0c0000 pid=3229 clone guuid=3c946175-1900-0000-6dc0-2c26a10c0000 pid=3233 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=3c946175-1900-0000-6dc0-2c26a10c0000 pid=3233 execve guuid=6d419f75-1900-0000-6dc0-2c26a20c0000 pid=3234 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=6d419f75-1900-0000-6dc0-2c26a20c0000 pid=3234 execve guuid=129b057a-1900-0000-6dc0-2c26ab0c0000 pid=3243 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=129b057a-1900-0000-6dc0-2c26ab0c0000 pid=3243 execve guuid=78a40f81-1900-0000-6dc0-2c26b20c0000 pid=3250 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=78a40f81-1900-0000-6dc0-2c26b20c0000 pid=3250 execve guuid=2a97a381-1900-0000-6dc0-2c26b30c0000 pid=3251 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=2a97a381-1900-0000-6dc0-2c26b30c0000 pid=3251 clone guuid=55774682-1900-0000-6dc0-2c26b50c0000 pid=3253 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=55774682-1900-0000-6dc0-2c26b50c0000 pid=3253 execve guuid=88d22483-1900-0000-6dc0-2c26b60c0000 pid=3254 /usr/bin/wget net send-data guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=88d22483-1900-0000-6dc0-2c26b60c0000 pid=3254 execve guuid=63bc6986-1900-0000-6dc0-2c26bb0c0000 pid=3259 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=63bc6986-1900-0000-6dc0-2c26bb0c0000 pid=3259 execve guuid=00f43a8c-1900-0000-6dc0-2c26c70c0000 pid=3271 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=00f43a8c-1900-0000-6dc0-2c26c70c0000 pid=3271 execve guuid=08089e8c-1900-0000-6dc0-2c26c80c0000 pid=3272 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=08089e8c-1900-0000-6dc0-2c26c80c0000 pid=3272 clone guuid=3a02ca8c-1900-0000-6dc0-2c26c90c0000 pid=3273 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=3a02ca8c-1900-0000-6dc0-2c26c90c0000 pid=3273 execve guuid=e781128d-1900-0000-6dc0-2c26cb0c0000 pid=3275 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=e781128d-1900-0000-6dc0-2c26cb0c0000 pid=3275 execve guuid=4d548491-1900-0000-6dc0-2c26d10c0000 pid=3281 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=4d548491-1900-0000-6dc0-2c26d10c0000 pid=3281 execve guuid=eadc8f95-1900-0000-6dc0-2c26d40c0000 pid=3284 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=eadc8f95-1900-0000-6dc0-2c26d40c0000 pid=3284 execve guuid=7538de95-1900-0000-6dc0-2c26d60c0000 pid=3286 /tmp/morte.i686 net guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=7538de95-1900-0000-6dc0-2c26d60c0000 pid=3286 execve guuid=d8c9c70d-1a00-0000-6dc0-2c26900d0000 pid=3472 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=d8c9c70d-1a00-0000-6dc0-2c26900d0000 pid=3472 execve guuid=1ef2320e-1a00-0000-6dc0-2c26930d0000 pid=3475 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=1ef2320e-1a00-0000-6dc0-2c26930d0000 pid=3475 execve guuid=1accaf11-1a00-0000-6dc0-2c269d0d0000 pid=3485 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=1accaf11-1a00-0000-6dc0-2c269d0d0000 pid=3485 execve guuid=08170616-1a00-0000-6dc0-2c26a60d0000 pid=3494 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=08170616-1a00-0000-6dc0-2c26a60d0000 pid=3494 execve guuid=64ec4116-1a00-0000-6dc0-2c26a80d0000 pid=3496 /tmp/morte.x86_64 mprotect-exec net guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=64ec4116-1a00-0000-6dc0-2c26a80d0000 pid=3496 execve guuid=6952c116-1a00-0000-6dc0-2c26ac0d0000 pid=3500 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=6952c116-1a00-0000-6dc0-2c26ac0d0000 pid=3500 execve guuid=f9540c17-1a00-0000-6dc0-2c26ae0d0000 pid=3502 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=f9540c17-1a00-0000-6dc0-2c26ae0d0000 pid=3502 execve guuid=3b644c1a-1a00-0000-6dc0-2c26ba0d0000 pid=3514 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=3b644c1a-1a00-0000-6dc0-2c26ba0d0000 pid=3514 execve guuid=86b37621-1a00-0000-6dc0-2c26c90d0000 pid=3529 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=86b37621-1a00-0000-6dc0-2c26c90d0000 pid=3529 execve guuid=acdcff21-1a00-0000-6dc0-2c26ca0d0000 pid=3530 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=acdcff21-1a00-0000-6dc0-2c26ca0d0000 pid=3530 clone guuid=2956ec22-1a00-0000-6dc0-2c26cc0d0000 pid=3532 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=2956ec22-1a00-0000-6dc0-2c26cc0d0000 pid=3532 execve guuid=657f5d24-1a00-0000-6dc0-2c26d00d0000 pid=3536 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=657f5d24-1a00-0000-6dc0-2c26d00d0000 pid=3536 execve guuid=6bf77f27-1a00-0000-6dc0-2c26db0d0000 pid=3547 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=6bf77f27-1a00-0000-6dc0-2c26db0d0000 pid=3547 execve guuid=51067a2c-1a00-0000-6dc0-2c26e30d0000 pid=3555 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=51067a2c-1a00-0000-6dc0-2c26e30d0000 pid=3555 execve guuid=a931cc2c-1a00-0000-6dc0-2c26e40d0000 pid=3556 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=a931cc2c-1a00-0000-6dc0-2c26e40d0000 pid=3556 clone guuid=2624372f-1a00-0000-6dc0-2c26eb0d0000 pid=3563 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=2624372f-1a00-0000-6dc0-2c26eb0d0000 pid=3563 execve guuid=837e892f-1a00-0000-6dc0-2c26ec0d0000 pid=3564 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=837e892f-1a00-0000-6dc0-2c26ec0d0000 pid=3564 execve guuid=5041aa32-1a00-0000-6dc0-2c26f70d0000 pid=3575 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=5041aa32-1a00-0000-6dc0-2c26f70d0000 pid=3575 execve guuid=1b941237-1a00-0000-6dc0-2c26fa0d0000 pid=3578 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=1b941237-1a00-0000-6dc0-2c26fa0d0000 pid=3578 execve guuid=43c1ec37-1a00-0000-6dc0-2c26fc0d0000 pid=3580 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=43c1ec37-1a00-0000-6dc0-2c26fc0d0000 pid=3580 clone guuid=c5548e39-1a00-0000-6dc0-2c26fe0d0000 pid=3582 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=c5548e39-1a00-0000-6dc0-2c26fe0d0000 pid=3582 execve guuid=de186b3b-1a00-0000-6dc0-2c26030e0000 pid=3587 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=de186b3b-1a00-0000-6dc0-2c26030e0000 pid=3587 execve guuid=74b5dd3f-1a00-0000-6dc0-2c260c0e0000 pid=3596 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=74b5dd3f-1a00-0000-6dc0-2c260c0e0000 pid=3596 execve guuid=9094e847-1a00-0000-6dc0-2c26240e0000 pid=3620 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=9094e847-1a00-0000-6dc0-2c26240e0000 pid=3620 execve guuid=dc253d48-1a00-0000-6dc0-2c26250e0000 pid=3621 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=dc253d48-1a00-0000-6dc0-2c26250e0000 pid=3621 clone guuid=6bd1d248-1a00-0000-6dc0-2c26290e0000 pid=3625 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=6bd1d248-1a00-0000-6dc0-2c26290e0000 pid=3625 execve guuid=5afc1e49-1a00-0000-6dc0-2c262b0e0000 pid=3627 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=5afc1e49-1a00-0000-6dc0-2c262b0e0000 pid=3627 execve guuid=064dd54c-1a00-0000-6dc0-2c26350e0000 pid=3637 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=064dd54c-1a00-0000-6dc0-2c26350e0000 pid=3637 execve guuid=96145a52-1a00-0000-6dc0-2c26410e0000 pid=3649 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=96145a52-1a00-0000-6dc0-2c26410e0000 pid=3649 execve guuid=c420cd52-1a00-0000-6dc0-2c26420e0000 pid=3650 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=c420cd52-1a00-0000-6dc0-2c26420e0000 pid=3650 clone guuid=f31cc353-1a00-0000-6dc0-2c26440e0000 pid=3652 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=f31cc353-1a00-0000-6dc0-2c26440e0000 pid=3652 execve guuid=17a7ce56-1a00-0000-6dc0-2c26460e0000 pid=3654 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=17a7ce56-1a00-0000-6dc0-2c26460e0000 pid=3654 execve guuid=e8f2ad5a-1a00-0000-6dc0-2c264e0e0000 pid=3662 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=e8f2ad5a-1a00-0000-6dc0-2c264e0e0000 pid=3662 execve guuid=a01cae60-1a00-0000-6dc0-2c26580e0000 pid=3672 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=a01cae60-1a00-0000-6dc0-2c26580e0000 pid=3672 execve guuid=d3da2261-1a00-0000-6dc0-2c26590e0000 pid=3673 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=d3da2261-1a00-0000-6dc0-2c26590e0000 pid=3673 clone guuid=7c21fb61-1a00-0000-6dc0-2c265d0e0000 pid=3677 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=7c21fb61-1a00-0000-6dc0-2c265d0e0000 pid=3677 execve guuid=34bb6e62-1a00-0000-6dc0-2c26600e0000 pid=3680 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=34bb6e62-1a00-0000-6dc0-2c26600e0000 pid=3680 execve guuid=b0446e66-1a00-0000-6dc0-2c266a0e0000 pid=3690 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=b0446e66-1a00-0000-6dc0-2c266a0e0000 pid=3690 execve guuid=e20a286b-1a00-0000-6dc0-2c267d0e0000 pid=3709 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=e20a286b-1a00-0000-6dc0-2c267d0e0000 pid=3709 execve guuid=a3c5666b-1a00-0000-6dc0-2c267f0e0000 pid=3711 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=a3c5666b-1a00-0000-6dc0-2c267f0e0000 pid=3711 clone guuid=6d31fd6b-1a00-0000-6dc0-2c26810e0000 pid=3713 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=6d31fd6b-1a00-0000-6dc0-2c26810e0000 pid=3713 execve guuid=86c64f6c-1a00-0000-6dc0-2c26820e0000 pid=3714 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=86c64f6c-1a00-0000-6dc0-2c26820e0000 pid=3714 execve guuid=72eea66f-1a00-0000-6dc0-2c268f0e0000 pid=3727 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=72eea66f-1a00-0000-6dc0-2c268f0e0000 pid=3727 execve guuid=24f1aa77-1a00-0000-6dc0-2c26920e0000 pid=3730 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=24f1aa77-1a00-0000-6dc0-2c26920e0000 pid=3730 execve guuid=84a92978-1a00-0000-6dc0-2c26940e0000 pid=3732 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=84a92978-1a00-0000-6dc0-2c26940e0000 pid=3732 clone guuid=68e03779-1a00-0000-6dc0-2c269b0e0000 pid=3739 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=68e03779-1a00-0000-6dc0-2c269b0e0000 pid=3739 execve guuid=446ab679-1a00-0000-6dc0-2c269d0e0000 pid=3741 /usr/bin/wget net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=446ab679-1a00-0000-6dc0-2c269d0e0000 pid=3741 execve guuid=5ff0bd7d-1a00-0000-6dc0-2c26a30e0000 pid=3747 /usr/bin/curl net send-data write-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=5ff0bd7d-1a00-0000-6dc0-2c26a30e0000 pid=3747 execve guuid=87da3e83-1a00-0000-6dc0-2c26a40e0000 pid=3748 /usr/bin/chmod guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=87da3e83-1a00-0000-6dc0-2c26a40e0000 pid=3748 execve guuid=9bf4d783-1a00-0000-6dc0-2c26a80e0000 pid=3752 /usr/bin/bash guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=9bf4d783-1a00-0000-6dc0-2c26a80e0000 pid=3752 clone guuid=3d1fc385-1a00-0000-6dc0-2c26b00e0000 pid=3760 /usr/bin/rm delete-file guuid=17eb544c-1900-0000-6dc0-2c26680c0000 pid=3176->guuid=3d1fc385-1a00-0000-6dc0-2c26b00e0000 pid=3760 execve d047be9e-0261-5db6-bcf1-f98b662bc156 196.251.87.245:80 guuid=7b457652-1900-0000-6dc0-2c26780c0000 pid=3192->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 153B guuid=1da18f57-1900-0000-6dc0-2c26850c0000 pid=3205->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 102B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=67935565-1900-0000-6dc0-2c26900c0000 pid=3216->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=abe46266-1900-0000-6dc0-2c26910c0000 pid=3217 /tmp/morte.x86 guuid=67935565-1900-0000-6dc0-2c26900c0000 pid=3216->guuid=abe46266-1900-0000-6dc0-2c26910c0000 pid=3217 clone guuid=e4687066-1900-0000-6dc0-2c26920c0000 pid=3218 /tmp/morte.x86 delete-file dns net send-data zombie guuid=67935565-1900-0000-6dc0-2c26900c0000 pid=3216->guuid=e4687066-1900-0000-6dc0-2c26920c0000 pid=3218 clone guuid=e4687066-1900-0000-6dc0-2c26920c0000 pid=3218->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 37B f2314dec-3f4f-5fb5-9b72-f7ca6bdedfc6 vip.jbvipnetwork.cc:12121 guuid=e4687066-1900-0000-6dc0-2c26920c0000 pid=3218->f2314dec-3f4f-5fb5-9b72-f7ca6bdedfc6 send: 15B guuid=163f8166-1900-0000-6dc0-2c26930c0000 pid=3219 /tmp/morte.x86 guuid=e4687066-1900-0000-6dc0-2c26920c0000 pid=3218->guuid=163f8166-1900-0000-6dc0-2c26930c0000 pid=3219 clone guuid=0c06e167-1900-0000-6dc0-2c26950c0000 pid=3221->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 154B guuid=958d0b6d-1900-0000-6dc0-2c26960c0000 pid=3222->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 103B 4067ea6f-c2a0-54b4-a483-2d9064a15430 vip.jbvipnetwork.cc:80 guuid=6d419f75-1900-0000-6dc0-2c26a20c0000 pid=3234->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 153B guuid=129b057a-1900-0000-6dc0-2c26ab0c0000 pid=3243->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 102B guuid=88d22483-1900-0000-6dc0-2c26b60c0000 pid=3254->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 154B guuid=63bc6986-1900-0000-6dc0-2c26bb0c0000 pid=3259->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 103B guuid=e781128d-1900-0000-6dc0-2c26cb0c0000 pid=3275->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 154B guuid=4d548491-1900-0000-6dc0-2c26d10c0000 pid=3281->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 103B guuid=7538de95-1900-0000-6dc0-2c26d60c0000 pid=3286->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con f77ebf5e-2af7-5b09-86f4-388588a8b445 0.0.0.0:12121 guuid=7538de95-1900-0000-6dc0-2c26d60c0000 pid=3286->f77ebf5e-2af7-5b09-86f4-388588a8b445 con guuid=1ef2320e-1a00-0000-6dc0-2c26930d0000 pid=3475->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 156B guuid=1accaf11-1a00-0000-6dc0-2c269d0d0000 pid=3485->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 105B guuid=64ec4116-1a00-0000-6dc0-2c26a80d0000 pid=3496->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=e923b216-1a00-0000-6dc0-2c26a90d0000 pid=3497 /tmp/morte.x86_64 guuid=64ec4116-1a00-0000-6dc0-2c26a80d0000 pid=3496->guuid=e923b216-1a00-0000-6dc0-2c26a90d0000 pid=3497 clone guuid=df3fb616-1a00-0000-6dc0-2c26aa0d0000 pid=3498 /tmp/morte.x86_64 dns net send-data zombie guuid=64ec4116-1a00-0000-6dc0-2c26a80d0000 pid=3496->guuid=df3fb616-1a00-0000-6dc0-2c26aa0d0000 pid=3498 clone guuid=df3fb616-1a00-0000-6dc0-2c26aa0d0000 pid=3498->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 37B guuid=df3fb616-1a00-0000-6dc0-2c26aa0d0000 pid=3498->f2314dec-3f4f-5fb5-9b72-f7ca6bdedfc6 send: 22B guuid=5d90c016-1a00-0000-6dc0-2c26ab0d0000 pid=3499 /tmp/morte.x86_64 guuid=df3fb616-1a00-0000-6dc0-2c26aa0d0000 pid=3498->guuid=5d90c016-1a00-0000-6dc0-2c26ab0d0000 pid=3499 clone guuid=f9540c17-1a00-0000-6dc0-2c26ae0d0000 pid=3502->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 154B guuid=3b644c1a-1a00-0000-6dc0-2c26ba0d0000 pid=3514->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 103B guuid=657f5d24-1a00-0000-6dc0-2c26d00d0000 pid=3536->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 153B guuid=6bf77f27-1a00-0000-6dc0-2c26db0d0000 pid=3547->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 102B guuid=837e892f-1a00-0000-6dc0-2c26ec0d0000 pid=3564->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 154B guuid=5041aa32-1a00-0000-6dc0-2c26f70d0000 pid=3575->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 103B guuid=de186b3b-1a00-0000-6dc0-2c26030e0000 pid=3587->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 154B guuid=74b5dd3f-1a00-0000-6dc0-2c260c0e0000 pid=3596->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 103B guuid=5afc1e49-1a00-0000-6dc0-2c262b0e0000 pid=3627->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 154B guuid=064dd54c-1a00-0000-6dc0-2c26350e0000 pid=3637->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 103B guuid=17a7ce56-1a00-0000-6dc0-2c26460e0000 pid=3654->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 153B guuid=e8f2ad5a-1a00-0000-6dc0-2c264e0e0000 pid=3662->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 102B guuid=34bb6e62-1a00-0000-6dc0-2c26600e0000 pid=3680->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 153B guuid=b0446e66-1a00-0000-6dc0-2c266a0e0000 pid=3690->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 102B guuid=86c64f6c-1a00-0000-6dc0-2c26820e0000 pid=3714->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 154B guuid=72eea66f-1a00-0000-6dc0-2c268f0e0000 pid=3727->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 103B guuid=446ab679-1a00-0000-6dc0-2c269d0e0000 pid=3741->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 153B guuid=5ff0bd7d-1a00-0000-6dc0-2c26a30e0000 pid=3747->4067ea6f-c2a0-54b4-a483-2d9064a15430 send: 102B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/c52388b7e1e6f1b0e0d5bf2b32abbad070d39706f62d4babf08d7ff78855943d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c52388b7e1e6f1b0e0d5bf2b32abbad070d39706f62d4babf08d7ff78855943d/
Verdict:
Malicious
Threat:
Linux.Downloader.Medusa
Link:
https://tip.neiki.dev/file/c52388b7e1e6f1b0e0d5bf2b32abbad070d39706f62d4babf08d7ff78855943d
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-07-02 05:05:30 UTC
File Type:
Text (Shell)
AV detection:
22 of 38 (57.89%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yuryrn7b43y3bygvx4vtfk522bynhfyg6ywuxk7qrv77pccvsq6q._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai antivm botnet credential_access defense_evasion discovery linux upx
Link:
https://tria.ge/reports/250702-fqd63aep6x/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads process memory
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Malware Config
C2 Extraction:
vip.jbvipnetwork.cc
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/c52388b7e1e6f1b0e0d5bf2b32abbad070d39706f62d4babf08d7ff78855943d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c52388b7e1e6f1b0e0d5bf2b32abbad070d39706f62d4babf08d7ff78855943d

(this sample)

Mirai

elf c3fea6e9643828f73d14928459c64bce99876e8af7fc388dddff9a82d6b740e9

  
URLhaus
https://urlhaus.abuse.ch/url/3572371/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3571684/
  
URLhaus
https://urlhaus.abuse.ch/url/3571658/
  
Dropping
MD5 b3f72296fa98c5344f79aac70ad41eb2
  
Dropping
SHA256 c3fea6e9643828f73d14928459c64bce99876e8af7fc388dddff9a82d6b740e9
  
URLhaus
https://urlhaus.abuse.ch/url/3573027/
  
URLhaus
https://urlhaus.abuse.ch/url/3572957/
  
URLhaus
https://urlhaus.abuse.ch/url/3571655/
  
URLhaus
https://urlhaus.abuse.ch/url/3572995/
  
URLhaus
https://urlhaus.abuse.ch/url/3572921/

Comments