MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3495b441a1fc7e018ed6ce5b72c7b71597ffcd0102df51c91abb99cb967efdcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 3495b441a1fc7e018ed6ce5b72c7b71597ffcd0102df51c91abb99cb967efdcd
SHA3-384 hash: 1816aa9a6a3673a1a4e53a85386e9e655edaf366fc5f3e718e35f5042c16311835db425d643edd2d79dee73a275973bf
SHA1 hash: 51249176399a4df223c6071c6376842c8a6e9b1b
MD5 hash: 7cb13c60ffd8d43405189cd6f3471ce6
humanhash: lamp-ten-triple-comet
File name: wget.sh
Signature: Mirai
File size: 834 bytes
First seen: 2025-10-07 05:03:24 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:h8d83Yq88NI7N8EKd89+Ih82jA8OT5m8HlZ8ats8rZ8gq8sn:hwiYqKNr0/IhXM95ma64Z0Z
TLSH T13C0156DF2235637606098DE9E063544DB02FD1C832B50F5BDDC42CF2D8D5D01B125E69
Magika: asm
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-10-07T01:21:00Z UTC
Last seen: 2025-10-07T01:38:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:

Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-10-07 05:04:20 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3495b441a1fc7e018ed6ce5b72c7b71597ffcd0102df51c91abb99cb967efdcd

(this sample)

  
Delivery method
Distributed via web download

Comments