MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec13c1bea8619a3c214187e05bb0d9443b55cfb6f042447d9f7c35b35b126237. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: ec13c1bea8619a3c214187e05bb0d9443b55cfb6f042447d9f7c35b35b126237
SHA3-384 hash: 5a9cc98c17e14c831a4d2a2cd5119c0c0c88acbd3185a40a2d361d55c7b07c0039df81b248b96fe1423e1c2a4a253a08
SHA1 hash: fd3875cadae87a516b74e4b1ab21dbb77113f4e2
MD5 hash: a5512ddbc3144efabf33bf607625c977
humanhash: violet-kilo-nineteen-lima
File name: w.sh
Signature: Mirai
File size: 942 bytes
First seen: 2025-08-15 21:27:57 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:c0R0GYz0HNI740vKI02+Ic0zjN0tTV0yl007tp0U00Vz09n:LKGYomfvKLILzSpGEkUTm9
TLSH: T1141198DDBB7068A5C949CF21A063840C80249DE175544F5E5DED0CFAEDEAF11727AE2C
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-08-15 21:23:10 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
