MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd7c45b4c659d748db1f973340ba2531160b1e987004bc9b4074ee1ac078c1d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: cd7c45b4c659d748db1f973340ba2531160b1e987004bc9b4074ee1ac078c1d5
SHA3-384 hash: d5b3f0eb3f64aba3685e9301d295942054eccadce725ccd65be9def8a9741549d4b7ce814bf107f11fb93e8d85ed6e80
SHA1 hash: 8103a6832aa1121c2edd9f9e9b0b4ef59752a485
MD5 hash: a487d239e1ce8e26dfe9508e664eb97d
humanhash: equal-missouri-six-juliet
File name: router.zyxel.sh
Signature: Mirai
File size: 1'361 bytes
First seen: 2025-08-20 05:21:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:lI0fBzfOCfk0xzfAHb+iKYg2m4t/e3Jn4zgIiJZ1a:y05zmC8UzgbVXj/eSiNa
TLSH: T174218D9E889D7101B0F9CB02B80397948F1EC5A7AD905F50A75DBC77CB8DC04F525A8A
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-20 05:22:39 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
