MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5c5c34861f715f1b33ed9bf5c74a4a09445c45c32f6f9e3368183c4fd95f14a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6



SHA256 hash: d5c5c34861f715f1b33ed9bf5c74a4a09445c45c32f6f9e3368183c4fd95f14a
SHA3-384 hash: 54b63318334670eadf4eb4f7a18f74122af41a90e119b2ac435066b0950c4de4ff842ab9944698e1c007d926ee06943d
SHA1 hash: 11368da2ed11cd0e5280f65ff8fa4d239f54f59d
MD5 hash: a441bf7a252c6bda5a944e03a13aa3b3
humanhash: utah-sink-nebraska-cat
File name: w.sh
Signature: Mirai
File size: 894 bytes
First seen: 2025-08-19 18:04:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:/OgY6xNI7rBKb8+I/xjALTYklHFt86HH6jn:/OgY6srBUZI/xcfYQI6Haj
TLSH: T19411DDCE776671661B44CE34716584889136ABC032901B9E6C9E0CB7D9D9A10F22EE6C
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-08-19 18:04:34 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh d5c5c34861f715f1b33ed9bf5c74a4a09445c45c32f6f9e3368183c4fd95f14a (this sample)

Delivery method: Distributed via web download
