MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe9b5a5dfc812a173a4738e0b02a9d7c67016f5d3c3c47e67cfb2275f27b6460. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: fe9b5a5dfc812a173a4738e0b02a9d7c67016f5d3c3c47e67cfb2275f27b6460
SHA3-384 hash: 4fa8fe718e3999299b36a34e478bad216e6980f23b4f87cddf3773b57f41adcf6f2d998d88f68679d6162cea90281626
SHA1 hash: 5a9c556598d16a57b160517344b964297c1686a2
MD5 hash: a341a31b3b1c6788a6d94d6e3077fa92
humanhash: carpet-thirteen-william-high
File name: c.sh
Signature: Mirai
File size: 1'065 bytes
First seen: 2025-10-10 18:20:25 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3bw0wFw6NI4wPKgwMawJwHwknwMBwEdwcawNdn:hbO7Lfd
TLSH: T1D711BCD82290515662186F30749B853E9EDBF2D6607265F0903FD867A0CF1C1BF64F7A
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-09-19T10:30:00Z UTC
Last seen: 2025-09-19T10:40:00Z UTC
Hits: ~10
Status: terminated
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-19 15:57:51 UTC
File Type: Text
AV detection: 16 of 37 (43.24%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
