MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d6704f2b8cb547d4ae52ade3409cb9edf35ec282a6b6bbb04f453054efd891a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 0d6704f2b8cb547d4ae52ade3409cb9edf35ec282a6b6bbb04f453054efd891a
SHA3-384 hash: 8992e559d11e34d0420b6a385c9dc8111873d6d571b2b8c2e469dbebae96d66c921ded88a77504e1f2de7563429e81a0
SHA1 hash: f65927b6eb1a83febed67d8e69bc16692eb46fa1
MD5 hash: 382181ff6ae1d69566f517347e5b3bc9
humanhash: single-diet-salami-massachusetts
File name: wget.sh
Signature: Mirai
File size: 846 bytes
First seen: 2025-08-15 21:30:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:60/0GYR0HNI7m0vK202+I60zjL0tT5d0yli07tH0Ui0VR09n:1cGYKmJvcLI1z0p5eGmUNY9
TLSH: T1240133EEBB3168A6CA09CF25A0634444902499E176744F1A5DE60CFADCE670131BDE6D
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-08-15 21:23:08 UTC
File Type: Text (Shell)
AV detection: 19 of 38 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 0d6704f2b8cb547d4ae52ade3409cb9edf35ec282a6b6bbb04f453054efd891a

(this sample)

  
Delivery method
Distributed via web download
