MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6801f609c947cadd51ded186985e39273eb12540ee7cb096ff9d209af91670b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: d6801f609c947cadd51ded186985e39273eb12540ee7cb096ff9d209af91670b
SHA3-384 hash: 2f0469babcbfd8270f229a701cd8363e195dba424bd6e23f2f47755f6ebfbfd81bda74cc1229138738e139a2ee50ca3e
SHA1 hash: b510b02e7fbfb6c953b63de921e8d7a318529992
MD5 hash: ab64edac67338f758b22f4c476faa38e
humanhash: virginia-nuts-william-carbon
File name: c.sh
Signature: Mirai
File size: 835 bytes
First seen: 2025-10-18 05:53:07 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3YzFYOyNI7NKKdH+XyQjMYT1CFlJYtY9JGry6R:SzFYOrNKgeXyQ4s0xx9J0y6
TLSH: T16B01D6CEA6F1727356D48F78F0A7C65C946693C0359CCE16D8580879C4D9160622D6BD
Magika: batch
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-10-18T03:09:00Z UTC
Last seen: 2025-10-18T05:46:00Z UTC
Hits: ~10
Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-18 05:59:30 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments