MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 378f251d42ddd94f681c53f79cbf1a2297529859c7d957956326eaabe4c1c541. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6



SHA256 hash: 378f251d42ddd94f681c53f79cbf1a2297529859c7d957956326eaabe4c1c541
SHA3-384 hash: 72f9e9dce54099a47b78409e28533c37159728d8141606eceaf431c10077b1cb4d81df5b0c1a98093f9d3baddc3f3fa0
SHA1 hash: 1e74b6ba1bf90d7beb497b6574e61e0e0d1afde1
MD5 hash: 2a0bf730e281d6f984827b9b4dc19d45
humanhash: michigan-snake-table-orange
File name: wget.sh
Signature: Mirai
File size: 1'089 bytes
First seen: 2025-10-02 05:37:08 UTC
Last seen: 2025-10-04 19:44:49 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:Aq+5oaL+5WNIQQA+57vK2H+5tKA+5N+5V+5g5+5oH+5IcA+5u3A+5JzAUv:aNI5KmedBV5dv
TLSH: T1F7113AF92015512A12086F11706A09396EFBF7E2A0369EF454BFE42361CB5D07726F3B
Magika: txt
Reporter: abuse_ch
Tags: sh
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://213.209.143.62/UnHAnaAW.arm | 22902a825f4b5e45d050e75fd997518f670dcc1ed147719e025a97334e1fcd91 | Mirai | arm elf geofenced mirai opendir ua-wget USA |
| http://213.209.143.62/UnHAnaAW.arm5 | 4bab044accc55cd8b091514d74bfb44eaaea95272ee653e93948925e24b25c7a | Mirai | arm elf geofenced mirai opendir ua-wget USA |
| http://213.209.143.62/UnHAnaAW.arm6 | 9f32df4b92beb06bfed9f04284c434379715cfcba0a62fa6bd568928c146dfd4 | Mirai | arm elf geofenced mirai opendir ua-wget USA |
| http://213.209.143.62/UnHAnaAW.arm7 | 51bb3572999cd4a4b25fd0cc06b061674df3373767c789ceff16b677a2e4bdc5 | Mirai | arm elf geofenced mirai opendir ua-wget USA |
| http://213.209.143.62/UnHAnaAW.sh4 | 139cf5e5c3b4a3175dfda683eaefe4e6bd5310afa3d6d679363a224a6c69feea | Mirai | elf geofenced mirai opendir SuperH ua-wget USA |
| http://213.209.143.62/UnHAnaAW.ppc | 74e244774df73843123066181b2bb2ee1b7a62fedc22e6e936adc6e21307e42c | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA |
| http://213.209.143.62/UnHAnaAW.mips | 1aeffd0f72ac38ac1af0f86a925957eb88cff0184d6628b48ee9f452dcf8ce9c | Mirai | elf geofenced mips mirai opendir ua-wget USA |
| http://213.209.143.62/UnHAnaAW.mpsl | f91fa8a4c5e27570471adaa1d53a68ad32a4c38f8f9f12d74bbf5614b3baaf14 | Mirai | elf geofenced mips mirai opendir ua-wget USA |
| http://213.209.143.62/UnHAnaAW.spc | b19d8245d8adeb27944deefd2ae7662e4bda0c3098c964e94b5326acbec78755 | Mirai | elf geofenced mirai opendir sparc ua-wget USA |
| http://213.209.143.62/UnHAnaAW.x86 | 42efa473fa16cd174a1394892b7163f4e47c0434d1138d120135451514465617 | Mirai | elf geofenced mirai opendir ua-wget USA x86 |
| http://213.209.143.62/UnHAnaAW.x86_64 | 5c4b64e559c1332e9f65c611909524c68ad73d63878cd6e36602c17303d0985b | Mirai | elf geofenced mirai opendir ua-wget USA x86 |
| http://213.209.143.62/UnHAnaAW.i586 | n/a | n/a | elf |

Intelligence


File Origin
# of uploads: 2
# of downloads: 41
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2025-10-01T19:37:00Z UTC
Last seen: 2025-10-03T06:14:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-02 00:32:19 UTC
File Type: Text (Shell)
AV detection: 15 of 36 (41.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 378f251d42ddd94f681c53f79cbf1a2297529859c7d957956326eaabe4c1c541

(this sample)

Delivery method
Distributed via web download

Comments