MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4acdd2f2b437be79df5851bd9073fd9ca79491f91191cf012aeb53cf4aaf771. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7



SHA256 hash: f4acdd2f2b437be79df5851bd9073fd9ca79491f91191cf012aeb53cf4aaf771
SHA3-384 hash: a8442bd4803fa693b70845ad1ae1052307e22ed2e67ed3d13cded396100f5d32cc2a741b06c8d3d9fd754c53c3e30d8b
SHA1 hash: 9247f1e4cbd676a2f02049201204eb06e1068a74
MD5 hash: a4bc9e249113a53fa47dac34384933ae
humanhash: hot-solar-maine-victor
File name: c.sh
File size: 1'248 bytes
First seen: 2026-01-17 21:10:33 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3iv5U02Ov5h8NINMbv53LKev5Uv5vv50Qev5VW7Mv5HQTjuv5fzwhv5n+v56Cm:3J3jbNIWKs7QTgzwDGCyA
TLSH: T1F2212C9D03E1718AEA130DD86810C04EB3FEB3E3B790C650AEDF5864E0AD2487639A75
Magika: txt
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://82.221.139.173:3712/bins/systemx64.arm | n/a | n/a | arm elf geofenced mirai opendir ua-wget USA
http://82.221.139.173:3712/bins/systemx64.arm5 | d0a046b222fe4ae0ff4072031286b635d3c5792c6e7f3d729ad3fde5f2610111 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://82.221.139.173:3712/bins/systemx64.arm6 | 9551d007f16feaa1415db8c9d985c4cd5d2a541eaf6d6c28bac9ef61f2cc961a | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://82.221.139.173:3712/bins/systemx64.arm7 | c827699ba7634075d1ea4653d1c23fb82474593ae3fe9425ff027ac15788ef6f | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://82.221.139.173:3712/bins/systemx64.m68k | 4131732816118512336fd9c5724099454d6ca9414e6ceb7b8f0d73fb45117277 | Mirai | elf geofenced m68k mirai opendir ua-wget USA
http://82.221.139.173:3712/bins/systemx64.mips | 11494a98fb150512d9bfe4961040bf5218816d6ef8ab3aee48fabf37e1f7c460 | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://82.221.139.173:3712/bins/systemx64.mpsl | 87e12a203756cd8102da0a2a44c8508dcee94986377e91eba9494825d73a5901 | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://82.221.139.173:3712/bins/systemx64.ppc | 87414ba748a9a31cd3ba69d4dd662c09295906a554373c80a5e540adf938c562 | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA
http://82.221.139.173:3712/bins/systemx64.sh4 | 1b5244ed477766385e2feb71fa9c99821a220cdbb7ab774173002d9b4baf73bd | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
http://82.221.139.173:3712/bins/systemx64.spc | d714978225984dba91184dae9e885da2275c28f7c2e49898f18d74d041202b8d | Mirai | elf geofenced mirai opendir sparc ua-wget USA
http://82.221.139.173:3712/bins/systemx64.x86 | 8c9a145421a24e42f8e493fd3b29d804a50f4e5fcada419dd23bcb4ffa9cf451 | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://82.221.139.173:3712/bins/systemx64.x86_64 | f1e6640dd2e7a1700e87b180a8afb8d0b26758d3a4b06786b330353a80e7e49d | Mirai | elf geofenced mirai opendir ua-wget USA x86

Intelligence

File Origin
# of uploads: 1
# of downloads: 47
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Result
Verdict: Malicious
File Type: ps1
First seen: 2026-01-17T18:14:00Z UTC
Last seen: 2026-01-18T14:38:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.Linux.Mirai.h, HEUR:Backdoor.Linux.Mirai.cw, HEUR:Backdoor.Linux.Mirai.ba, HEUR:Backdoor.Linux.Mirai.b, HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Behavior Graph:
  (process tree recovered from the sandbox graph)
  pid 2994 /usr/bin/sudo
    execve -> pid 3002 /tmp/sample.bin
      the sequence curl, chmod, dash repeats 12 times:
        execve -> /usr/bin/curl (net send-data): pids 3004, 3078, 3117, 3168, 3186, 3216, 3228, 3252, 3282, 3331, 3356, 3399
        execve -> /usr/bin/chmod: pids 3075, 3113, 3165, 3184, 3213, 3226, 3250, 3279, 3328, 3353, 3395, 3460
        clone -> /usr/bin/dash: pids 3077, 3116, 3167, 3185, 3215, 3227, 3251, 3281, 3330, 3355, 3397, 3462
      execve -> /usr/bin/rm: pid 3463
  Network node dd1ffe3e-f994-56b1-9da7-b199910e72c2: 82.221.139.173:3712
    data sent by curl pids: 3004 (101B), 3078 (102B), 3117 (102B), 3168 (102B), 3186 (102B), 3216 (102B), 3228 (102B), 3252 (101B), 3282 (101B), 3331 (101B), 3356 (101B), 3399 (104B)
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2026-01-17 20:53:21 UTC
AV detection: 9 of 36 (25.00%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh f4acdd2f2b437be79df5851bd9073fd9ca79491f91191cf012aeb53cf4aaf771 (this sample)

Delivery method: Distributed via web download
