MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00cef478e2ba3d10e81076021d5f944613d1eeafcff46e2366a7512980ddee60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6

SHA256 hash: 00cef478e2ba3d10e81076021d5f944613d1eeafcff46e2366a7512980ddee60
SHA3-384 hash: e04c85a03a44b3c114f32afab097f32c426e79e8762fcdbd73a593478153c1cd5de38c3d91f1d4d7647d7bd2a1d026f8
SHA1 hash: 18322dcb95b6e284e8237ca74843c2da7a12585f
MD5 hash: dd5ad7b51c0c377133f18b141d2de211
humanhash: earth-burger-william-jig
File name: w.sh
Download: download sample
Signature: Mirai
File size: 804 bytes
First seen: 2025-11-02 18:12:24 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:llHFS4UFKNIl5LF30LKGJD+OTJUJFJoabSTHbSTH8iHkYpyS:ouNI78KuD+4UJvoWw7wciEW/
TLSH: T1C601DEDD60B2E7920649DF44A067CA3D90148ED1A390CF9D68CC0E72ADD4D15731AA49
Magika: batch
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox

Verdict: Malicious
File Type: ps1
First seen: 2025-11-02T15:27:00Z UTC
Last seen: 2025-11-03T10:18:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:

Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-11-02 18:13:35 UTC
File Type: Text (Shell)
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
Sample (SHA256 hash): 00cef478e2ba3d10e81076021d5f944613d1eeafcff46e2366a7512980ddee60 (this sample)

Delivery method: Distributed via web download

Comments