MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f42a8aa17cfe1216a23b5d751e155b8e95e19ca3ce566b2007de1e54d0ac1d44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

SHA256 hash: f42a8aa17cfe1216a23b5d751e155b8e95e19ca3ce566b2007de1e54d0ac1d44
SHA3-384 hash: c6a8ab25b659b41721d236023dbd1bec4cb5151f6cec8cb51fc8ae03781a123e39cd3cbf06189659e94ada77cfc35a8b
SHA1 hash: b642a5258d0cf348ac09cfe6c90af1b185f27136
MD5 hash: a68958efdcb5bf17744f25f65bd25303
humanhash: kitten-kansas-neptune-queen
File name: 2.sh
Signature: Mirai
File size: 2'022 bytes
First seen: 2025-09-25 18:13:47 UTC
Last seen: 2025-09-26 06:09:21 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:GB1LvW2UR5KIMKwCmCQ3qvH4Je/uSEOsNe3meW:G+RQ38wn
TLSH: T17041DBF7A34BCA03D27D47C97E510506B015C367B49FC735DCE9EAC90450E9C7255A45
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 2
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox

Verdict: Malicious
File Type: unix shell
First seen: 2025-09-25T15:29:00Z UTC
Last seen: 2025-09-25T15:29:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph: (sandbox process graph; the rendered graph is not reproduced here) sudo launches /tmp/sample.bin, which in a loop runs cp, mkdir, wget and curl (each sending an HTTP request to 157.20.32.209:80 and, later in the run, to demoon.vip:80), then chmod, bash and rm. The fetched payloads /bins/morte.i686, /bins/morte.x86 and /bins/morte.x86_64 execute (the x86_64 build is flagged mprotect-exec), fork into zombie children, write a config, spawn dash and cp, perform DNS lookups via 8.8.8.8:53 and connect to demoon.vip:12121.
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-25 18:22:36 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet credential_access defense_evasion discovery execution linux persistence
Behaviour:
Command and Scripting Interpreter: Unix Shell
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
Enumerates running processes
Modifies init.d
Modifies rc script
File and Directory Permissions Modification
Executes dropped EXE
Mirai
Mirai family

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The information below shows additional details about this malware sample, such as delivery method and external references.

Web download: Mirai, sh f42a8aa17cfe1216a23b5d751e155b8e95e19ca3ce566b2007de1e54d0ac1d44 (this sample)

Delivery method: Distributed via web download

Comments