MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe77e80c4d156ec1cf5e831cc6c4bb7cca37f15cc19ac7e360ad5b7aa2f6fede. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 10



SHA256 hash: fe77e80c4d156ec1cf5e831cc6c4bb7cca37f15cc19ac7e360ad5b7aa2f6fede
SHA3-384 hash: d8394d4762cb177c44b6a29da90ea78664c22d09cc4584f08841507b38c25e9904520de75dee70979143d3f8336ab2dc
SHA1 hash: 9829fd4223e266ee0869a681d34a91e0b9f1ef4e
MD5 hash: 8f5dcaf5c98fa349d8c6f093f404ff87
humanhash: nevada-snake-dakota-neptune
File name: newreaxe.sh
Signature: Mirai
File size: 3'183 bytes
First seen: 2026-02-14 13:06:39 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:i+/RC2Qa8tnAm+ukOo2VYhA9djRgkLthJmrAuUqTrGTV/36cdpo1:ilVF9h5F1LZmsmK13dq
TLSH: T1AA6196F693D246305EA55733A378A904BD89E1F3B0862E209CFB25BEF84CE047005E97
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-02-13 06:29:00 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh fe77e80c4d156ec1cf5e831cc6c4bb7cca37f15cc19ac7e360ad5b7aa2f6fede (this sample)

Delivery method: Distributed via web download
