MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0558fc110792c30bf63a3cd089e1b58a0c7cfb6993d1c3c3be91d71e6c1997d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 0558fc110792c30bf63a3cd089e1b58a0c7cfb6993d1c3c3be91d71e6c1997d1
SHA3-384 hash: ff7cda47345d341baf6f22e7da978762b6bf09646709141b7a9eebc2937bb3b192911fd267f505f76cae5c57f8ff6285
SHA1 hash: fe8388ef221442768ef569891b5162913db90e5f
MD5 hash: 0421fb471e06fad0e4355453353dd36f
humanhash: victor-lemon-nuts-stream
File name: wget.sh
Signature: Mirai
File size: 1'148 bytes
First seen: 2025-07-26 10:45:34 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:0jyN5Z5Il+VjyNkZkIU+VjyN6NIF6/AA+VjyNHC4K/dEH+Vjy9ju5+VjyYOR5+Va:j+JoNIsBK1KEdx18mCHZIe8tnqL/Sxn
TLSH T1E2212C8F9E315C0492084FF56096B5106B5BCFD0E3BD8B89E46C58B66D94B14F3CAE2B
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Status: terminated
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-07-26 10:45:39 UTC
File Type: Text (Shell)
AV detection: 14 of 35 (40.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download