MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1f44cc8b17cb6a362e410cae150dbc10c581b4bfb35ee761a3214b71086a4ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 8



SHA256 hash: d1f44cc8b17cb6a362e410cae150dbc10c581b4bfb35ee761a3214b71086a4ab
SHA3-384 hash: d6f4f742c19d079a313b285c656c981ac2babb80d422c9b1bf83f211fb3c85ef39f019a02f5b77aa9edaf799924dd6cd
SHA1 hash: cdb4c1ecd27975f614b14bbe5e90def4851db95d
MD5 hash: 599439b62f30d86aa926f981149b8a7c
humanhash: lima-winter-gee-batman
File name: 1.sh
Download: download sample
Signature: Mirai
File size: 3'285 bytes
First seen: 2025-06-24 22:09:23 UTC
Last seen: 2025-06-25 11:00:09 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:vBxsfBYuBfBcuclfBA8A1bfBApAyqJ1fBAhuAhPHfBAnAQMfBGYfB9utfBAB3AL2:vaNOxdqn1bqyyyNq75/qAQq561Vg4Lve
TLSH: T12C615EC83731832829B2DD73B5F5865862E6D2E380885E85E1A4B8F6854CF0DF49A6D3
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URLs contacted by this sample (columns: URL | Malware sample (SHA256 hash) | Signature | Tags)

http://196.251.117.162/20oel/k03ldc.x86    | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.mips   | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.mpsl   | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.arm    | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.arm5   | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.arm6   | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.arm7   | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.ppc    | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.m68k   | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.sh4    | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.spc    | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.arc    | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.x86_64 | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.i686   | n/a | n/a | n/a
http://196.251.117.162/20oel/k03ldc.i486   | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 3
# of downloads: 83
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: ransomware downloader agent
Status: terminated
Behavior Graph: (rendered process graph not reproduced; the node and edge information recoverable from it is summarised below)
Process tree: /usr/bin/sudo (pid 2526) execve /tmp/sample.bin (pid 2532), which repeatedly execve/clone /usr/bin/wget, /usr/bin/curl, /usr/bin/cat, /usr/bin/chmod, /usr/bin/bash and /tmp/loudscream; /tmp/loudscream clones further /tmp/loudscream children (dns, net, send-data, zombie).
Network endpoints: 196.251.117.162:80 (wget/curl, send 146B/95B), 8.8.8.8:53 (DNS, con/send from /tmp/loudscream), 0.0.0.0:63841 (con from /tmp/loudscream), jbvpshosti.com:60195 (send 16B–128B from /tmp/loudscream), jbvpshosti.com:80 (wget/curl, send 147B/96B).
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-06-24 17:27:25 UTC
File Type: Text (Shell)
AV detection: 23 of 38 (60.53%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Signature: Mirai
Sample: sh d1f44cc8b17cb6a362e410cae150dbc10c581b4bfb35ee761a3214b71086a4ab (this sample)
Delivery method: Distributed via web download

Comments