MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff91e55afeaf1b7de58b04519f58483413b045c20801819b60aef200452c85b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: ff91e55afeaf1b7de58b04519f58483413b045c20801819b60aef200452c85b6
SHA3-384 hash: 53995d6ba2b2eb84252557af521287a09eb19ca5c092b5a83d37b5033c9d11028798e4c3841f5da72366009be1564fd1
SHA1 hash: b58327a0d63e780b56c97bcc1bb148980880ded4
MD5 hash: 9abbbaf02615886bfb1011fbedb27def
humanhash: undress-magnesium-earth-iowa
File name: c.sh
Signature: Mirai
File size: 768 bytes
First seen: 2025-06-21 19:31:09 UTC
Last seen: 2025-06-22 03:21:17 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:3J3FuQjQFbLqQFxNIl5zAQFif0LKjQFSgOsQFVCQFoa/QFkSEQFFtaKAQFU0jQFb:3J30Q8LNNI7nK9gMMapEtBGLaHA
TLSH: T155019BCD25B593A21A0CCE1CF16F966C7A869AC0B0708E95FC58997978DDB043064B7A
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: DE

Vendor Threat Intelligence

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: lolbin remote
Status: terminated

Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-06-21 19:39:20 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
