MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef1c5766fb0597a8696ab9103ac6623d8316d7c92a8417f3d09d4d7389261c01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: ef1c5766fb0597a8696ab9103ac6623d8316d7c92a8417f3d09d4d7389261c01
SHA3-384 hash: 8a8920f848bd6fcaacc241c47df82ef2c58acf75fab32de36d58b59fffeac09bd0298d6d74dc76cb0de42a561a053524
SHA1 hash: 6e8607d6862eb9d66a80371f5a7b007b5e227d6c
MD5 hash: b96e0f579bebefe0f79eb8fe8947d21e
humanhash: alaska-arkansas-september-september
File name: 1.sh
Signature: Mirai
File size: 2'614 bytes
First seen: 2025-07-21 05:37:55 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:U/AxikFyv2iehA9nj3EnxHxDIGax2vj0lCbfhKB3:U/AxYvzehmnjGxH6nQL2CbfhO
TLSH T14F5150EB73614976BDEF9AF233F604457290E05315CA9F2DE998B8EB844CC047089A5F
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 24
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-07-21 05:38:25 UTC
File Type: Text (Shell)
AV detection: 12 of 22 (54.55%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ef1c5766fb0597a8696ab9103ac6623d8316d7c92a8417f3d09d4d7389261c01

(this sample)

  
Delivery method: Distributed via web download
