MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01de46acf9eab70439e209566e88acb3f331f1901fe26c619a787156f01bece6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 01de46acf9eab70439e209566e88acb3f331f1901fe26c619a787156f01bece6
SHA3-384 hash: 1bf1ec64df3945e9ccf0e98e0a644ae90f8ee35a39ea38e629d57bbbfa2b680dd82b540d35becf5abb7f3fcc51141e4e
SHA1 hash: b05e790ef45623e79f56ee292d35e3fe5eeeee75
MD5 hash: af308177d4dd2c38630bdfbacd5e2179
humanhash: muppet-louisiana-georgia-ceiling
File name: w.sh
Signature: Mirai
File size: 930 bytes
First seen: 2025-09-29 18:21:43 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:w35L535CY+E35rNIl5s3540LKc35K+OFw353jM435ZT935eSO435XtB35Y435RnX:rYNNI7cKF+I6jRTOlOtEkXn
TLSH: T11D119DCEB76162720848CE64716AC8589134DAD4B1880F9E6DCD0CB7D9D9A11B27AE7C
Magika: asm
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 45
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated

Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-09-29 17:09:09 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
