MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 389a85fe2b5f2d4db83b886d161b7c18629c42c32f28a5e0cf0520fbbe0958f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 5

SHA256 hash: 389a85fe2b5f2d4db83b886d161b7c18629c42c32f28a5e0cf0520fbbe0958f4
SHA3-384 hash: 2c90ba32364bd5a65ac8bea5ff62020547b441f7a0b216178277aa97c6d52b06d72dbe4cc6d601abfb85b0b923f84456
SHA1 hash: 8d1a68ea8873b0b69b9fab0cf0de1eb1d716ee67
MD5 hash: ef4f659b47d73a54ffedb140b519491c
humanhash: sodium-avocado-eleven-artist
File name: w.sh
Download: download sample
Signature: Mirai
File size: 931 bytes
First seen: 2025-10-18 17:11:37 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:bHytHvYEaHUNIl5oH10LKmbH1+ObmH+jMMHWT5bH/SOMHSt1HzMHYfHAbR:IYEjNI71KI+ijQTVlVt5X8R
TLSH: T17A110DCF23A161320481CDA46067C86C99249AD03147CF9FDDCC88BB9ED5964B626F6C
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 46
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-10-18 17:12:44 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: 389a85fe2b5f2d4db83b886d161b7c18629c42c32f28a5e0cf0520fbbe0958f4 (this sample)

Delivery method
Distributed via web download

Comments