MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5229afad3bea719d50865d43ac0fa8268946fa7dc06143de8b8cc46eaab38d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: e5229afad3bea719d50865d43ac0fa8268946fa7dc06143de8b8cc46eaab38d9
SHA3-384 hash: 1e725360b1607f78bf8b116c25fe1b034ea11b2371164c027b75562d1b7c49c83161d5aaa673cb7a7488686bb46fb511
SHA1 hash: 5c6ee0e46e2e2b30230fc2412f6c35420593094c
MD5 hash: c7b748fb18bce665ba072138a0a1a05a
humanhash: lactose-video-sink-lion
File name: c.sh
Signature: Mirai
File size: 706 bytes
First seen: 2025-06-26 09:01:39 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3FuI5FbL4eC5FxNIl5K5Fif0LKcC5FSgOy5FV9C5Foa95FkSK5FFtM5FUM5FHN:3J30IbLlCxNI7KBKBSgzVEoa9kVFtMU8
TLSH: T13D01F4DCA4B597E31608CE08F16F826C7406C8C0A2E08EF9EDD81939A8DCF00303576A
Magika: txt
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-06-26 09:02:26 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e5229afad3bea719d50865d43ac0fa8268946fa7dc06143de8b8cc46eaab38d9

(this sample)

  
Delivery method
Distributed via web download
