MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 010ba2ee7ff600411e8db9407557395c7828819fd61bfd9ad2ecf623a8cac263. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 010ba2ee7ff600411e8db9407557395c7828819fd61bfd9ad2ecf623a8cac263
SHA3-384 hash: 73f7d5afac1eb25e5a07f231be28610a1da94e7971ce2b0f945860438208e1d73ed7a06fa7b2f5da574b03e4f98852ab
SHA1 hash: d473da82daad66d94d6e241220935268a1b6ddb9
MD5 hash: e20dc8452d0cd46062a71aa0fe445e98
humanhash: missouri-crazy-two-cola
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'153 bytes
First seen:2025-07-11 05:00:21 UTC
Last seen:2025-07-12 01:42:16 UTC
File type: sh
MIME type:text/plain
ssdeep 24:2dYC3gdYBI3dYuNNIUuiupd6n4K6xdKmr8dejGpdZNmBpdjdr7dw6odNSdYV2fxv:2d6dBdJ2HpdJzdKmr8dejGpdZNmBpdjT
TLSH T10121218D0EA7904F54388F33E49B87684B9E82C7F4B4AE6565CD4CB3548DB04B439E5B
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.66.32/HBTs/HBTs/top1miku.armn/an/aelf ua-wget
http://196.251.66.32/HBTs/HBTs/top1miku.arm5n/an/aelf ua-wget
http://196.251.66.32/HBTs/HBTs/top1miku.arm6n/an/aelf ua-wget
http://196.251.66.32/HBTs/top1miku.arm7b5bce493d05031ba446080722dfb270aec7c97fc4378e639723d637adea784d2 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.m68keb6913d816c810b0846bc7bf8dd6a19152cf078b0e4ddac040eda89ae0de8ac1 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.mipsa77e7186ad2e7b858f23a9f1d3d5d6365481fcf8bf212a6d49b50ba9f9ae046f Gafgytelf gafgyt mirai ua-wget
http://196.251.66.32/HBTs/top1miku.mpsl425dc69ffcd048df8726f1cb3716901322750e3bfc56803135c3a803eeab6369 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.ppc4adaa8fbc175e4a169c4767bc147fe1b288888cddfa4f1b39abc3fe250806ff7 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.sh4b3f1e7014dfba66c06190cfa803ea2dc947f59a0b6f437f3ec6f9263b34cb4a0 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.spc58600e74fbacf7c5e92061399451cfe44073cc61d03ee7145bfd630a6bba2f88 Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.x86effabb0c89d67dc1deaaff5d5a7512613f0c6d6a3c86c773d05a3062890673ba Miraielf mirai ua-wget
http://196.251.66.32/HBTs/top1miku.x86_64d98f7aaa9e2aa30f86d5f7c88bc2e895bee6adeebc6d87a904bd28e6f9e01810 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
3
# of downloads :
30
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68709a96900df8e7f869acealinux22vpnfull_triage
Tags:
downloader trojan agent
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/68709a9830bf733323370344/reports/86e35468-0752-4f47-bd7f-b35b2daeb42d/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/fe642819-7024-4624-a801-627e464558b1
Behavior Graph:
Download SVG
%3 guuid=50663ab8-1a00-0000-c17d-39ae650c0000 pid=3173 /usr/bin/sudo guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177 /tmp/sample.bin guuid=50663ab8-1a00-0000-c17d-39ae650c0000 pid=3173->guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177 execve guuid=a9d71abb-1a00-0000-c17d-39ae6b0c0000 pid=3179 /usr/bin/wget net send-data guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=a9d71abb-1a00-0000-c17d-39ae6b0c0000 pid=3179 execve guuid=f4afbdc0-1a00-0000-c17d-39ae7b0c0000 pid=3195 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=f4afbdc0-1a00-0000-c17d-39ae7b0c0000 pid=3195 execve guuid=8f373cc1-1a00-0000-c17d-39ae7c0c0000 pid=3196 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=8f373cc1-1a00-0000-c17d-39ae7c0c0000 pid=3196 clone guuid=6dc249c1-1a00-0000-c17d-39ae7d0c0000 pid=3197 /usr/bin/wget net send-data guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=6dc249c1-1a00-0000-c17d-39ae7d0c0000 pid=3197 execve guuid=fcf99ac4-1a00-0000-c17d-39ae840c0000 pid=3204 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=fcf99ac4-1a00-0000-c17d-39ae840c0000 pid=3204 execve guuid=d18df5c4-1a00-0000-c17d-39ae860c0000 pid=3206 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=d18df5c4-1a00-0000-c17d-39ae860c0000 pid=3206 clone guuid=bb4f00c5-1a00-0000-c17d-39ae870c0000 pid=3207 /usr/bin/wget net send-data guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=bb4f00c5-1a00-0000-c17d-39ae870c0000 pid=3207 execve guuid=03b443c8-1a00-0000-c17d-39ae910c0000 pid=3217 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=03b443c8-1a00-0000-c17d-39ae910c0000 pid=3217 execve guuid=463e85c8-1a00-0000-c17d-39ae930c0000 pid=3219 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=463e85c8-1a00-0000-c17d-39ae930c0000 pid=3219 clone guuid=fff198c8-1a00-0000-c17d-39ae940c0000 pid=3220 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=fff198c8-1a00-0000-c17d-39ae940c0000 pid=3220 execve guuid=117921cf-1a00-0000-c17d-39ae950c0000 pid=3221 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=117921cf-1a00-0000-c17d-39ae950c0000 pid=3221 execve guuid=d09972cf-1a00-0000-c17d-39ae960c0000 pid=3222 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=d09972cf-1a00-0000-c17d-39ae960c0000 pid=3222 clone guuid=1da12dd0-1a00-0000-c17d-39ae980c0000 pid=3224 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=1da12dd0-1a00-0000-c17d-39ae980c0000 pid=3224 execve guuid=98d164d7-1a00-0000-c17d-39ae9a0c0000 pid=3226 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=98d164d7-1a00-0000-c17d-39ae9a0c0000 pid=3226 execve guuid=790c03d8-1a00-0000-c17d-39ae9c0c0000 pid=3228 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=790c03d8-1a00-0000-c17d-39ae9c0c0000 pid=3228 clone guuid=8d79d9d8-1a00-0000-c17d-39aea00c0000 pid=3232 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=8d79d9d8-1a00-0000-c17d-39aea00c0000 pid=3232 execve guuid=a080d5dd-1a00-0000-c17d-39aea80c0000 pid=3240 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=a080d5dd-1a00-0000-c17d-39aea80c0000 pid=3240 execve guuid=d3cf5ede-1a00-0000-c17d-39aeab0c0000 pid=3243 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=d3cf5ede-1a00-0000-c17d-39aeab0c0000 pid=3243 clone guuid=c9695bdf-1a00-0000-c17d-39aeae0c0000 pid=3246 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=c9695bdf-1a00-0000-c17d-39aeae0c0000 pid=3246 execve guuid=b4c195e4-1a00-0000-c17d-39aeb30c0000 pid=3251 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=b4c195e4-1a00-0000-c17d-39aeb30c0000 pid=3251 execve guuid=9ef0e3e4-1a00-0000-c17d-39aeb60c0000 pid=3254 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=9ef0e3e4-1a00-0000-c17d-39aeb60c0000 pid=3254 clone guuid=0af7f8e6-1a00-0000-c17d-39aeb90c0000 pid=3257 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=0af7f8e6-1a00-0000-c17d-39aeb90c0000 pid=3257 execve guuid=f8e412ec-1a00-0000-c17d-39aebb0c0000 pid=3259 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=f8e412ec-1a00-0000-c17d-39aebb0c0000 pid=3259 execve guuid=751a59ec-1a00-0000-c17d-39aebc0c0000 pid=3260 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=751a59ec-1a00-0000-c17d-39aebc0c0000 pid=3260 clone guuid=6e9f0ded-1a00-0000-c17d-39aebe0c0000 pid=3262 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=6e9f0ded-1a00-0000-c17d-39aebe0c0000 pid=3262 execve guuid=c67628f2-1a00-0000-c17d-39aecb0c0000 pid=3275 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=c67628f2-1a00-0000-c17d-39aecb0c0000 pid=3275 execve guuid=3582a1f2-1a00-0000-c17d-39aecd0c0000 pid=3277 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=3582a1f2-1a00-0000-c17d-39aecd0c0000 pid=3277 clone guuid=f76c6ef3-1a00-0000-c17d-39aed00c0000 pid=3280 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=f76c6ef3-1a00-0000-c17d-39aed00c0000 pid=3280 execve guuid=50d9b3f8-1a00-0000-c17d-39aed70c0000 pid=3287 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=50d9b3f8-1a00-0000-c17d-39aed70c0000 pid=3287 execve guuid=d7a80df9-1a00-0000-c17d-39aed80c0000 pid=3288 /usr/bin/dash guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=d7a80df9-1a00-0000-c17d-39aed80c0000 pid=3288 clone guuid=1e5fd7f9-1a00-0000-c17d-39aeda0c0000 pid=3290 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=1e5fd7f9-1a00-0000-c17d-39aeda0c0000 pid=3290 execve guuid=896fe8fe-1a00-0000-c17d-39aedc0c0000 pid=3292 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=896fe8fe-1a00-0000-c17d-39aedc0c0000 pid=3292 execve guuid=4fb135ff-1a00-0000-c17d-39aede0c0000 pid=3294 /home/sandbox/top1miku.x86 net guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=4fb135ff-1a00-0000-c17d-39aede0c0000 pid=3294 execve guuid=e17d63ff-1a00-0000-c17d-39aee00c0000 pid=3296 /usr/bin/wget net send-data write-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=e17d63ff-1a00-0000-c17d-39aee00c0000 pid=3296 execve guuid=ac270c04-1b00-0000-c17d-39aeef0c0000 pid=3311 /usr/bin/chmod guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=ac270c04-1b00-0000-c17d-39aeef0c0000 pid=3311 execve guuid=c0156c04-1b00-0000-c17d-39aef10c0000 pid=3313 /home/sandbox/top1miku.x86_64 net guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=c0156c04-1b00-0000-c17d-39aef10c0000 pid=3313 execve guuid=d5100d30-1c00-0000-c17d-39ae930f0000 pid=3987 /usr/bin/rm delete-file guuid=13c4e1ba-1a00-0000-c17d-39ae690c0000 pid=3177->guuid=d5100d30-1c00-0000-c17d-39ae930f0000 pid=3987 execve b4463e29-c6ee-5341-9c75-3bf4da178e37 196.251.66.32:80 guuid=a9d71abb-1a00-0000-c17d-39ae6b0c0000 pid=3179->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 150B guuid=6dc249c1-1a00-0000-c17d-39ae7d0c0000 pid=3197->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 151B guuid=bb4f00c5-1a00-0000-c17d-39ae870c0000 pid=3207->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 151B guuid=fff198c8-1a00-0000-c17d-39ae940c0000 pid=3220->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 146B guuid=1da12dd0-1a00-0000-c17d-39ae980c0000 pid=3224->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 146B guuid=8d79d9d8-1a00-0000-c17d-39aea00c0000 pid=3232->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 146B guuid=c9695bdf-1a00-0000-c17d-39aeae0c0000 pid=3246->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 146B guuid=0af7f8e6-1a00-0000-c17d-39aeb90c0000 pid=3257->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 145B guuid=6e9f0ded-1a00-0000-c17d-39aebe0c0000 pid=3262->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 145B guuid=f76c6ef3-1a00-0000-c17d-39aed00c0000 pid=3280->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 145B guuid=1e5fd7f9-1a00-0000-c17d-39aeda0c0000 pid=3290->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 145B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=4fb135ff-1a00-0000-c17d-39aede0c0000 pid=3294->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=87465bff-1a00-0000-c17d-39aedf0c0000 pid=3295 /home/sandbox/top1miku.x86 delete-file net send-data zombie guuid=4fb135ff-1a00-0000-c17d-39aede0c0000 pid=3294->guuid=87465bff-1a00-0000-c17d-39aedf0c0000 pid=3295 clone guuid=87465bff-1a00-0000-c17d-39aedf0c0000 pid=3295->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con b07a7f29-f341-5457-ac66-92995794ff16 196.251.66.32:1302 guuid=87465bff-1a00-0000-c17d-39aedf0c0000 pid=3295->b07a7f29-f341-5457-ac66-92995794ff16 send: 12B guuid=d93683ff-1a00-0000-c17d-39aee20c0000 pid=3298 /home/sandbox/top1miku.x86 guuid=87465bff-1a00-0000-c17d-39aedf0c0000 pid=3295->guuid=d93683ff-1a00-0000-c17d-39aee20c0000 pid=3298 clone guuid=880e8cff-1a00-0000-c17d-39aee30c0000 pid=3299 /home/sandbox/top1miku.x86 guuid=87465bff-1a00-0000-c17d-39aedf0c0000 pid=3295->guuid=880e8cff-1a00-0000-c17d-39aee30c0000 pid=3299 clone guuid=e17d63ff-1a00-0000-c17d-39aee00c0000 pid=3296->b4463e29-c6ee-5341-9c75-3bf4da178e37 send: 148B guuid=c0156c04-1b00-0000-c17d-39aef10c0000 pid=3313->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con 836dce14-4611-5ec0-94fd-a9232d5a3558 0.0.0.0:9473 guuid=c0156c04-1b00-0000-c17d-39aef10c0000 pid=3313->836dce14-4611-5ec0-94fd-a9232d5a3558 con guuid=38420330-1c00-0000-c17d-39ae920f0000 pid=3986 /home/sandbox/top1miku.x86_64 net send-data zombie guuid=c0156c04-1b00-0000-c17d-39aef10c0000 pid=3313->guuid=38420330-1c00-0000-c17d-39ae920f0000 pid=3986 clone guuid=38420330-1c00-0000-c17d-39ae920f0000 pid=3986->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=38420330-1c00-0000-c17d-39ae920f0000 pid=3986->b07a7f29-f341-5457-ac66-92995794ff16 send: 14B guuid=29b81130-1c00-0000-c17d-39ae940f0000 pid=3988 /home/sandbox/top1miku.x86_64 guuid=38420330-1c00-0000-c17d-39ae920f0000 pid=3986->guuid=29b81130-1c00-0000-c17d-39ae940f0000 pid=3988 clone guuid=46871830-1c00-0000-c17d-39ae950f0000 pid=3989 /home/sandbox/top1miku.x86_64 guuid=38420330-1c00-0000-c17d-39ae920f0000 pid=3986->guuid=46871830-1c00-0000-c17d-39ae950f0000 pid=3989 clone
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/010ba2ee7ff600411e8db9407557395c7828819fd61bfd9ad2ecf623a8cac263
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/010ba2ee7ff600411e8db9407557395c7828819fd61bfd9ad2ecf623a8cac263/
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-07-11 05:01:11 UTC
File Type:
Text (Shell)
AV detection:
14 of 24 (58.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=aef2f3t76yaechunxfahkvzzlr4cram72yn73gws5t3chkgkyjrq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250711-fm7zzaaq8z/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/010ba2ee7ff600411e8db9407557395c7828819fd61bfd9ad2ecf623a8cac263

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 010ba2ee7ff600411e8db9407557395c7828819fd61bfd9ad2ecf623a8cac263

(this sample)

Mirai

elf 4fde97802cacc8c533af80b6fbcfc30372fd88c1b1505eee02a6d312a6de6bf6

  
URLhaus
https://urlhaus.abuse.ch/url/3579487/
  
Delivery method
Distributed via web download
  
Dropping
MD5 11255f62a9fcf73a90c92a96e52839fe
  
Dropping
SHA256 4fde97802cacc8c533af80b6fbcfc30372fd88c1b1505eee02a6d312a6de6bf6

Comments