MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e76d1e0e23219b82007d66f74ea042cdd88152ff1d1eedf0cd637f7d21a1417f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e76d1e0e23219b82007d66f74ea042cdd88152ff1d1eedf0cd637f7d21a1417f
SHA3-384 hash: fed46373c511cb188bdcdec2e79b3d7c5e52f2893e0ecd68a05420232eb9dfd4fbc5e97d32bb4f2c25c9f6a6772478cf
SHA1 hash: 5a03c2c69ee77d0919f9a6b1f4eab2e707110128
MD5 hash: 6eff23a1a4a478f22cda9957348a6a8f
humanhash: maine-mississippi-vegan-batman
File name:c.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'180 bytes
First seen:2025-07-02 05:07:27 UTC
Last seen:2025-07-03 04:10:39 UTC
File type: sh
MIME type:text/plain
ssdeep 12:3J3/pbnD6xQ/pbnDucArEQ/pbnDoNI+3BEAQ/pbnDxTKRiHQ/pbnDGNZIqQ/pbn6:3J3B/G4NI6qNKhWN+X5aO4luRlY3MSHR
TLSH T1B1217FFF03558027D51DCFD170698108E10580CBB8AC4BB1B7EE8EB56E84AC5AC41E76
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.87.245/00101010101001/morte.arm0e1c862fb7b3927bbf3f71b5c83949151be2dfedd584eb482c173ce2e851dd3f Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm5a67885abc3a05d82c9083e3df77c227e91f38aa242bc9988caf35b3a447ca596 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm661dfc5c73839259cb55254701e29c43307b89acaecf4c14b51be5d209ce80d5b Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm795d5407a92ac4b36ed3d0f10b3fb494fed6ae21491b9f5fce152b85b78fb2e12 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.m68k7c5e6035418ce9f52bdb00eaff5e23d3d7a41f7a75554249c6cf6e44ce34ae3f Miraimirai opendir
http://196.251.87.245/00101010101001/morte.mipsa81cd95a99e545fa8df1f913d95d4609dcae0c7933e1b5012a728b9ea9f4e46c Miraimirai opendir
http://196.251.87.245/00101010101001/morte.mpslf4d2edf5cb22fd836842fb0c277395557f3a1329cc90c280cc12839c3e6fd72c Miraimirai opendir
http://196.251.87.245/00101010101001/morte.ppc437732d5bde3a06c54a001342f0ad3735088bc10d3aaeb69d038520c3a00a9db Miraimirai opendir
http://196.251.87.245/00101010101001/morte.sh4e0fadfca7d4f0704722720c739c817d05fa639fdbb6edbd961d0083f73342c80 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.spcb98844c282ecfff203dabee396106d9726de54c4821bd35208239f7621d774b9 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.x864fef063a9f02ba436aa8231ae6e68833cc7007d4acd4c911b0742fc6edb7f3e0 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.x86_645f40e73a84e77e83a454da3ee487429836e3bdec4ceffc19d0d26c4901a911dd Miraimirai opendir

Intelligence

File Origin
# of uploads :
2
# of downloads :
12
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-33.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6864bec8900df8e7f8654f12linux22vpnfull_triage
Tags:
downloader trojan agent
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin remote
Link:
https://www.filescan.io/uploads/6864becb7423ff017c3b317f/reports/21dca21b-b83f-4747-8aca-3de84e531da9/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/246cf935-3b8a-4fb1-93e0-a783b664533e
Behavior Graph:
Download SVG
%3 guuid=efc85ea2-1900-0000-a85b-2d595c090000 pid=2396 /usr/bin/sudo guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397 /tmp/sample.bin guuid=efc85ea2-1900-0000-a85b-2d595c090000 pid=2396->guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397 execve guuid=291f9ca5-1900-0000-a85b-2d595f090000 pid=2399 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=291f9ca5-1900-0000-a85b-2d595f090000 pid=2399 execve guuid=d75915ad-1900-0000-a85b-2d5969090000 pid=2409 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=d75915ad-1900-0000-a85b-2d5969090000 pid=2409 execve guuid=da2c5dad-1900-0000-a85b-2d596a090000 pid=2410 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=da2c5dad-1900-0000-a85b-2d596a090000 pid=2410 clone guuid=a46263ad-1900-0000-a85b-2d596b090000 pid=2411 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=a46263ad-1900-0000-a85b-2d596b090000 pid=2411 execve guuid=e1366cb1-1900-0000-a85b-2d5976090000 pid=2422 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=e1366cb1-1900-0000-a85b-2d5976090000 pid=2422 execve guuid=4b8bb5b1-1900-0000-a85b-2d5978090000 pid=2424 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=4b8bb5b1-1900-0000-a85b-2d5978090000 pid=2424 clone guuid=1149c6b1-1900-0000-a85b-2d5979090000 pid=2425 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=1149c6b1-1900-0000-a85b-2d5979090000 pid=2425 execve guuid=3af145b6-1900-0000-a85b-2d5982090000 pid=2434 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=3af145b6-1900-0000-a85b-2d5982090000 pid=2434 execve guuid=9aa195b6-1900-0000-a85b-2d5983090000 pid=2435 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=9aa195b6-1900-0000-a85b-2d5983090000 pid=2435 clone guuid=8952a6b6-1900-0000-a85b-2d5984090000 pid=2436 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=8952a6b6-1900-0000-a85b-2d5984090000 pid=2436 execve guuid=4b621dbd-1900-0000-a85b-2d5995090000 pid=2453 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=4b621dbd-1900-0000-a85b-2d5995090000 pid=2453 execve guuid=8fd966bd-1900-0000-a85b-2d5996090000 pid=2454 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=8fd966bd-1900-0000-a85b-2d5996090000 pid=2454 clone guuid=b4d875bd-1900-0000-a85b-2d5997090000 pid=2455 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=b4d875bd-1900-0000-a85b-2d5997090000 pid=2455 execve guuid=24dedac1-1900-0000-a85b-2d59a4090000 pid=2468 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=24dedac1-1900-0000-a85b-2d59a4090000 pid=2468 execve guuid=453c27c2-1900-0000-a85b-2d59a5090000 pid=2469 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=453c27c2-1900-0000-a85b-2d59a5090000 pid=2469 clone guuid=59993ec2-1900-0000-a85b-2d59a6090000 pid=2470 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=59993ec2-1900-0000-a85b-2d59a6090000 pid=2470 execve guuid=d523aac6-1900-0000-a85b-2d59b4090000 pid=2484 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=d523aac6-1900-0000-a85b-2d59b4090000 pid=2484 execve guuid=8453dfc6-1900-0000-a85b-2d59b6090000 pid=2486 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=8453dfc6-1900-0000-a85b-2d59b6090000 pid=2486 clone guuid=f635e4c6-1900-0000-a85b-2d59b7090000 pid=2487 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=f635e4c6-1900-0000-a85b-2d59b7090000 pid=2487 execve guuid=ec8b8dcb-1900-0000-a85b-2d59c4090000 pid=2500 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=ec8b8dcb-1900-0000-a85b-2d59c4090000 pid=2500 execve guuid=3c472fcc-1900-0000-a85b-2d59c5090000 pid=2501 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=3c472fcc-1900-0000-a85b-2d59c5090000 pid=2501 clone guuid=0c2e48cc-1900-0000-a85b-2d59c6090000 pid=2502 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=0c2e48cc-1900-0000-a85b-2d59c6090000 pid=2502 execve guuid=d3df71d0-1900-0000-a85b-2d59d3090000 pid=2515 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=d3df71d0-1900-0000-a85b-2d59d3090000 pid=2515 execve guuid=e194cfd0-1900-0000-a85b-2d59d4090000 pid=2516 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=e194cfd0-1900-0000-a85b-2d59d4090000 pid=2516 clone guuid=81a7e3d0-1900-0000-a85b-2d59d5090000 pid=2517 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=81a7e3d0-1900-0000-a85b-2d59d5090000 pid=2517 execve guuid=36e6d2d9-1900-0000-a85b-2d59e8090000 pid=2536 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=36e6d2d9-1900-0000-a85b-2d59e8090000 pid=2536 execve guuid=42f03eda-1900-0000-a85b-2d59ea090000 pid=2538 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=42f03eda-1900-0000-a85b-2d59ea090000 pid=2538 clone guuid=7a154ada-1900-0000-a85b-2d59eb090000 pid=2539 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=7a154ada-1900-0000-a85b-2d59eb090000 pid=2539 execve guuid=86b812df-1900-0000-a85b-2d59f9090000 pid=2553 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=86b812df-1900-0000-a85b-2d59f9090000 pid=2553 execve guuid=adf44edf-1900-0000-a85b-2d59fa090000 pid=2554 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=adf44edf-1900-0000-a85b-2d59fa090000 pid=2554 clone guuid=daa05bdf-1900-0000-a85b-2d59fc090000 pid=2556 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=daa05bdf-1900-0000-a85b-2d59fc090000 pid=2556 execve guuid=30f572e3-1900-0000-a85b-2d59080a0000 pid=2568 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=30f572e3-1900-0000-a85b-2d59080a0000 pid=2568 execve guuid=6da4d6e3-1900-0000-a85b-2d590a0a0000 pid=2570 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=6da4d6e3-1900-0000-a85b-2d590a0a0000 pid=2570 clone guuid=5171efe3-1900-0000-a85b-2d590b0a0000 pid=2571 /usr/bin/curl net send-data guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=5171efe3-1900-0000-a85b-2d590b0a0000 pid=2571 execve guuid=0592edea-1900-0000-a85b-2d591d0a0000 pid=2589 /usr/bin/chmod guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=0592edea-1900-0000-a85b-2d591d0a0000 pid=2589 execve guuid=499f46eb-1900-0000-a85b-2d591f0a0000 pid=2591 /usr/bin/dash guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=499f46eb-1900-0000-a85b-2d591f0a0000 pid=2591 clone guuid=1c4553eb-1900-0000-a85b-2d59200a0000 pid=2592 /usr/bin/rm delete-file guuid=f96b55a5-1900-0000-a85b-2d595d090000 pid=2397->guuid=1c4553eb-1900-0000-a85b-2d59200a0000 pid=2592 execve d047be9e-0261-5db6-bcf1-f98b662bc156 196.251.87.245:80 guuid=291f9ca5-1900-0000-a85b-2d595f090000 pid=2399->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 102B guuid=a46263ad-1900-0000-a85b-2d596b090000 pid=2411->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 103B guuid=1149c6b1-1900-0000-a85b-2d5979090000 pid=2425->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 103B guuid=8952a6b6-1900-0000-a85b-2d5984090000 pid=2436->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 103B guuid=b4d875bd-1900-0000-a85b-2d5997090000 pid=2455->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 103B guuid=59993ec2-1900-0000-a85b-2d59a6090000 pid=2470->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 103B guuid=f635e4c6-1900-0000-a85b-2d59b7090000 pid=2487->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 103B guuid=0c2e48cc-1900-0000-a85b-2d59c6090000 pid=2502->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 102B guuid=81a7e3d0-1900-0000-a85b-2d59d5090000 pid=2517->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 102B guuid=7a154ada-1900-0000-a85b-2d59eb090000 pid=2539->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 102B guuid=daa05bdf-1900-0000-a85b-2d59fc090000 pid=2556->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 102B guuid=5171efe3-1900-0000-a85b-2d590b0a0000 pid=2571->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 105B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/e76d1e0e23219b82007d66f74ea042cdd88152ff1d1eedf0cd637f7d21a1417f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e76d1e0e23219b82007d66f74ea042cdd88152ff1d1eedf0cd637f7d21a1417f/
Threat name:
Linux.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2025-07-02 05:08:24 UTC
File Type:
Text (Shell)
AV detection:
14 of 38 (36.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=45wr4drdegnyead5m33u5icczxmicux7dupo34gnmn7x2inbif7q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250702-fsp2casvcz/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e76d1e0e23219b82007d66f74ea042cdd88152ff1d1eedf0cd637f7d21a1417f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e76d1e0e23219b82007d66f74ea042cdd88152ff1d1eedf0cd637f7d21a1417f

(this sample)

Mirai

elf 7819f29ddb9555bd58cbc40c139d1e2432b078d9ca147cf753e785d42287fefb

Mirai

elf e283b3319bdd755a22c892ae2ab04fa5fa44c5fe5bf3d37c7a3ebd52e7533aa9

  
URLhaus
https://urlhaus.abuse.ch/url/3572943/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3572989/
  
Dropping
MD5 c20f573973a8a629057b42d64868a53b
  
Dropping
SHA256 e283b3319bdd755a22c892ae2ab04fa5fa44c5fe5bf3d37c7a3ebd52e7533aa9
  
URLhaus
https://urlhaus.abuse.ch/url/3571682/
  
URLhaus
https://urlhaus.abuse.ch/url/3571673/
  
URLhaus
https://urlhaus.abuse.ch/url/3572968/
  
URLhaus
https://urlhaus.abuse.ch/url/3571570/

Comments