MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c87f0d4f679dbc08b09eb1155e9ff19181fd6e8a3468f3dfddf321ae76259736. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Prometei


Vendor detections: 5



SHA256 hash: c87f0d4f679dbc08b09eb1155e9ff19181fd6e8a3468f3dfddf321ae76259736
SHA3-384 hash: 359a4e0b748c9e5f78b176e7ca421606b6106d2938211b5da52cfcb8d3ca789bc96b00391289ac597bd0d65dd5163e28
SHA1 hash: 696b9c6c865aa63cfb7520e99c01b3e3b55fc3af
MD5 hash: 8292bf1e7d19340782d66b3cacea8467
humanhash: robin-comet-uranus-georgia
File name: c87f0d4f679dbc08b09eb1155e9ff19181fd6e8a3468f3dfddf321ae76259736
Signature: Prometei
File size: 3'022 bytes
First seen: 2026-06-08 19:26:18 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:yuxhu7NdoGBupThWDP9Vvup6oW8gIu15zuR5euwE4u7cEdoDupTAEWDP9cup6REg:dxchKXivm/G1ARzwEnAEJqEiliENUEDO
TLSH: T1F55128CA73B112F52ECE6A7763242410BA89609254E23FD43CDDB4EDB38DD11AE925D3
Magika: batch
Reporter: c2hunter
Tags: Prometei sh wraith

Intelligence


File Origin
# of uploads: 1
# of downloads: 7
Origin country: US
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: text
First seen: 2026-06-08T17:28:00Z UTC
Last seen: 2026-06-09T04:35:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2026-06-09 05:53:39 UTC
File Type: Text (Shell)
AV detection: 6 of 36 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments