MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc586f2157b12a5412b541d6b7bbdb7d45ef66b679997a88e2d04904bb99f877. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 9



SHA256 hash: cc586f2157b12a5412b541d6b7bbdb7d45ef66b679997a88e2d04904bb99f877
SHA3-384 hash: 144af8a737d733e8a11c5fcaca362a12b369ab15a800a42e0732f0d6914f2ca494bf3a507c6d4f2099128aecf1bdad9f
SHA1 hash: 213ca5445c334eaddb47ac383307ca8603ea2e92
MD5 hash: 50f0366b82c6d4e24afc6aff406c19fa
humanhash: fanta-nevada-item-spring
File name: cache
Signature: Mirai
File size: 4'200 bytes
First seen: 2026-02-20 16:17:38 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:v+U1UH0lUmU8EUYU9UZUmUlU0UMU/UPUJn:v+U1UKUmU8EUYU9UZUmUlU0UMU/UPUJn
TLSH: T1B48194C526434BE53E3D9A227BDFC619738845DB94803FD9F4DEF9A44E88DCA2C88152
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
Payloads downloaded by this script (URL | Malware sample SHA256 hash | Signature | Tags):

http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86 | cfd7b85428502260dd7e853e81aa617c2823b83fe903085a0b0434cd5baff1c5 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mips | c83f972587f815faa74299e76f8149e0fa3f3d55328273a3b122c99010503e2b | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mpsl | 595cfd5764327df01acf613043b1d8453264d21fe3571747157a30ac88544142 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm | 8359ff7fbfba731c3b3f84a9ce113e0fc31a718ef72a4d928c2c9613b455fcdd | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm5 | eee2b22e65b512db8b43163caf8c96f4a1c213a7a4b9d3b2d35d011d7db4c375 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm6 | 6dda009b89b5fc0915feb72f8a8675acca27844bad3c03af142155a4236fd1fb | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm7 | 06c784cb29bab2df6e066ce7df5141c5e2ddf498ad5cbf64ab82b40c0d242081 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.ppc | 30cc071a6eefdc6fb7b4f043c24eafef2fb133af16a946aecae36c8b35a12a63 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.m68k | f93a2a8830370b1a6243adf228bf50072327a1413009333b60939bf75142913f | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.sh4 | 441bef29f8af2939e88be02ff1af0aa95756bf2d7a32c82aac232bb41155dc20 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.spc | 157bb6eafe373a65d6a6c19462ebc3ba36f963e4e35effb2fa3cd4ffe2269051 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arc | 91c6f6594cecb726eb5d3f2aa65ea31d98adcac7c840c573ded77e829f1fbe3f | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86_64 | 627e9d530f65fefff8170b90535ed7529a79663df5264bbf9e956eeb4bb05b69 | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i686 | 3acd558d10e218b1f1da771d28d21571b9f311e04a9aeb5adc9899777b2510cb | Mirai | elf mirai ua-wget
http://180.93.52.81/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i486 | 32869dbe85607a4a82bf57c7c8eec821f83986794bd9e6b1b1d83f8aae3903a2 | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: DE

Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph (rendered graph omitted; process tree and network endpoints recovered from the graph data):
Process tree: /usr/bin/sudo (pid 3364) execve /tmp/sample.bin (pid 3368); the sample in turn spawns /usr/bin/wget and /usr/bin/curl (net, send-data, write-file), /usr/bin/cat, /usr/bin/chmod, /usr/bin/bash (clone) and the dropped binary /tmp/lovers (pids 3661, 4070, 5287, 5298), repeating the wget/curl/chmod/lovers cycle several times.
/tmp/lovers: each instance clones children tagged net, dns, net-scan, send-data and zombie; the net-scan children contact 8.8.8.8:53 and send data to 3040, 4097, 2720, 4097, 2720 and 4096 IP addresses respectively ("review logs to see them all").
Network endpoints: 180.93.52.81:80 (wget pid 3369 send: 176B; curl pid 3524 send: 125B), 8.8.8.8:53 (DNS, send: 76B per lookup), cnc.mu-minhvuong.com:60195 (connection from /tmp/lovers child pid 3663), cnc.mu-minhvuong.com:80 (wget pid 3664 send: 177B; curl pid 3801 send: 126B; later wget/curl instances connect), 0.0.0.0:63841 (bound by /tmp/lovers pids 4070, 5287 and 5298).
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-02-20 16:18:41 UTC
File Type: Text (Shell)
AV detection: 21 of 36 (58.33%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (44001) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family
Malware Config
C2 Extraction: cnc.mu-minhvuong.com
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: sh
SHA256: cc586f2157b12a5412b541d6b7bbdb7d45ef66b679997a88e2d04904bb99f877 (this sample)

Comments