MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 156cdff2828d81547c4ca3d272c401bea55f3d7a8edb72947f7e2f7077bd94e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 156cdff2828d81547c4ca3d272c401bea55f3d7a8edb72947f7e2f7077bd94e5
SHA3-384 hash: 0375d9ecb759bd34dac06bbcc1e4e8a879a40329895169d89f478c6468092fdee6d700015c4215fcf12408c88a813a83
SHA1 hash: b2236942c08ef96664a2d9f534e666d6b5b08eeb
MD5 hash: 08ffa766f766eaee33dd922d147fd385
humanhash: missouri-fix-autumn-uncle
File name: mips.sh
Signature: Mirai
File size: 1'140 bytes
First seen: 2025-10-04 09:20:12 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:64oaRmWNIQ37vK26w50FN61CgqaOGCk5CwuWv:vNImKe50FNGqs7Vv
TLSH: T1F921BBFA2055512612446F11706688396CBBFBE260619EF854BFE47362CF9A07723E78
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive

Verdict: Malicious
File Type: ps1
First seen: 2025-10-04T07:02:00Z UTC
Last seen: 2025-10-05T10:13:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:

Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-10-04 09:21:09 UTC
File Type: Text (Shell)
AV detection: 18 of 37 (48.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
