MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e22be4021fb23c8aec9bf72285598644b40ddebdac653ec88d7de160656a50e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: e22be4021fb23c8aec9bf72285598644b40ddebdac653ec88d7de160656a50e4
SHA3-384 hash: a8e3106ea2e4a50f627e92ec6f73eaa174e5438ef66eddd1a98b4b628632dc3d62aa911078701bd52ff14c8c933b9d48
SHA1 hash: 2ef9af224859834b7afd77e70234d10c9fbdecf3
MD5 hash: ee01212ea80a062d6b2bf84d8d2efc56
humanhash: don-romeo-uncle-skylark
File name: c.sh
Signature: Mirai
File size: 1'150 bytes
First seen: 2026-01-04 13:27:43 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:3J3nEE5OVEczLNIZEtcDEVKTNCEHq/EOB9METKP3E3eMEbEKP3eEzMgE19IdEkrx:dontQNQ/p2EedPX6Arx
TLSH T1192108CF10A8F9A6654CCF4470AA908979F4C6E5F5704913A964B8F394C820327B8FFB
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2026-01-04T10:35:00Z UTC
Last seen: 2026-01-04T20:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2026-01-04 13:28:16 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e22be4021fb23c8aec9bf72285598644b40ddebdac653ec88d7de160656a50e4

(this sample)

  
Delivery method
Distributed via web download
