MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f91e0130c1e55dfd84d38b9865d7ff122e5060c93f33b8063165402c4d9116e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 8



SHA256 hash: f91e0130c1e55dfd84d38b9865d7ff122e5060c93f33b8063165402c4d9116e4
SHA3-384 hash: e6105c7a6010330fc55bcf970b1dbca4f3903ef02bcfb976d05af9c6c1b1d92a0133ec22c5282b1d61e41a92d1d815e0
SHA1 hash: 12ad4b1f67a604fd0470d21c36665869cbb4d29b
MD5 hash: 471150356fa95fee7371f34a15fd6a80
humanhash: gee-bulldog-ink-black
File name: 1.sh
Signature: Mirai
File size: 3'314 bytes
First seen: 2026-07-02 23:02:03 UTC
Last seen: 2026-07-03 13:13:04 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:i2Jk2q62rw26q2YH22QG2HE2VU2YEL2x82GK2qi2GaGwo2zI2+J7:RJDqpr365YHdQNHjVTY9x7GZqRnXzP+V
TLSH: T1F06172C6204A83F66FB95DD322BFC8193082E49E10CE5E4D98E974B5F98CF49353C6A1
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 60
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-07-02T20:08:00Z UTC
Last seen: 2026-07-03T12:58:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-07-02 23:05:17 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Family: Mirai
Malware Config
C2 Extraction: anakkontolmemek.my.id
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
