MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 334f92ee6e05611ba8317b1e621211f6fe73dfd703554ce7bdc73d759147ad0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 334f92ee6e05611ba8317b1e621211f6fe73dfd703554ce7bdc73d759147ad0d
SHA3-384 hash: aafdf0e644d77a186c032395456cdcc412e318cd18f8cb90bc9ca8a36a1670e7f82d0dd3775c4cc3092fa5bddfea3f4a
SHA1 hash: 1ab5e1876f1cabe7951334d0912fd16032233d93
MD5 hash: 584fdf7275e49c3801b0606ef0f1fc17
humanhash: bakerloo-johnny-leopard-fillet
File name: w.sh
Signature: Mirai
File size: 943 bytes
First seen: 2025-10-07 05:03:23 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:H8u83YEA88NI7+8EKu89+382jV8OTt8Hlq8atB8rq8gT8cR:HliYTK+r5/3Xh9tjD4q5Z
TLSH: T18C118FCF2265633A06498DE9A063942DB02FD9C431950F9F9DCC2CF2E9D5D25B326E6C
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-10-07 05:04:19 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 334f92ee6e05611ba8317b1e621211f6fe73dfd703554ce7bdc73d759147ad0d

(this sample)

  
Delivery method
Distributed via web download

Comments