MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01a12f064a74add25456eda60412243a683b9d4220030aae1639ce01ec3f0e8e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 01a12f064a74add25456eda60412243a683b9d4220030aae1639ce01ec3f0e8e
SHA3-384 hash: a1fa710ae56df0f8649e21bd89d2109d4296d933980e3ba7cf01aededc16fc4dfc46601e96302792e5fbd87b35322e87
SHA1 hash: 118fb888b81c2795e935af827f51d0e80cc23f96
MD5 hash: ca72ddab93d1c3a2f4efc10317633e16
humanhash: six-failed-asparagus-princess
File name: wget.sh
Signature Mirai
File size: 430 bytes
First seen: 2025-09-27 03:33:24 UTC
Last seen: 2025-09-30 06:45:16 UTC
File type: sh
MIME type: text/plain
ssdeep 6:SXWgZSZUKWgZSPkWgZSbNNIl5YMEWgZSva0LKiHEWgZSCNISFWgZSlN5QqWgZShj:LZgPXJNIl5h3S0LKu3tSIne/fJn
TLSH T1D3E0C09F7C21B16A88549EC2B3764849E097D6C87064DFDDB5D6943698D4600F019F47
Magika shell
Reporter abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 4
# of downloads: 48
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: expand lolbin

Verdict: Malicious
File Type: text
First seen: 2025-09-27T00:46:00Z UTC
Last seen: 2025-09-27T00:46:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2025-09-27 03:34:29 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 01a12f064a74add25456eda60412243a683b9d4220030aae1639ce01ec3f0e8e

(this sample)

Comments