MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f631981a2ccc14e52740f582046a359e0bf76ad0125c58c58757193222b4b813. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: f631981a2ccc14e52740f582046a359e0bf76ad0125c58c58757193222b4b813
SHA3-384 hash: 9458c4131583e6e2b50cb84bd655a1294a4a86e62dc8971923d6187d693b70cb49ccf127e8b8fee1b04f113b208ac1fc
SHA1 hash: 4e3d42ebf01b72b62b5a8ea81258e863b83d9ed4
MD5 hash: c0f6231b3f8f2c6dbbde7f9bfc9b4c0e
humanhash: glucose-stream-muppet-single
File name: wget.sh
Signature: Mirai
File size: 415 bytes
First seen: 2025-12-19 11:38:33 UTC
Last seen: 2025-12-20 00:52:56 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hMfav+iFnT7vZsdqaIuOA9yDB2/vXUgoDu/oz+Q7ZYLdyr:uivDvZ6Iuz9yd2nXeDuin
TLSH: T1BCE068D8205B48D5408C5C6F73B7A00859CA8B8ECE062FF8BCAC70B7A728F04E0C6080
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads :
2
# of downloads :
45
Origin country :
DE
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-19T08:45:00Z UTC
Last seen:
2025-12-20T01:40:00Z UTC
Hits:
~10
Detections:
Trojan-Downloader.Shell.Agent.bi HEUR:Trojan-Downloader.Shell.Agent.p
Status:
terminated
Behavior Graph:
Threat name:
Script-Shell.Downloader.MiraiB
Status:
Malicious
First seen:
2025-12-19 11:39:18 UTC
File Type:
Text (Shell)
AV detection:
11 of 24 (45.83%)
Threat level:
  3/5
Result
Malware family:
Score:
  10/10
Tags:
family:mirai botnet defense_evasion discovery linux
Behaviour
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads system network configuration
Enumerates active TCP sockets
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Mirai
Mirai family
Malware Config
C2 Extraction:
park.cyberium.cc
hoon.cyberium.cc
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256: f631981a2ccc14e52740f582046a359e0bf76ad0125c58c58757193222b4b813 (this sample)

Delivery method
Distributed via web download

Comments