MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9e91a2fcffaeae978fa7abf8bdcb7ee79270f97385e22d70e7182a969af1fac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: f9e91a2fcffaeae978fa7abf8bdcb7ee79270f97385e22d70e7182a969af1fac
SHA3-384 hash: 049e9800c51aeb0c2d32d86b458778efd079a3125202b3a1bd1b40ee8b28c7a039706bc9a5a82308476b4d9998437a16
SHA1 hash: 8fb80d087a8c9e32c81f840c6ddc2e9534696a60
MD5 hash: 19ced1d7327f0765143624b000a507fd
humanhash: beer-floor-golf-carolina
File name: Ciabins.sh
Signature: Mirai
File size: 1'790 bytes
First seen: 2026-07-03 08:14:48 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vtgtRutQtnYtMrt/dratX/st0totcttutctAtb:vmbuOuyr1laRU6uiuy2J
TLSH: T11531A6C721924DB03EE1E96B36AD494135C5F5C751DBEF996CED38E950CED08B804A83
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: Script
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2026-07-03 08:16:15 UTC
File Type: Text (Shell)
AV detection: 24 of 36 (66.67%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery linux
Behaviour: System Network Configuration Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
