MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3901abb1449ce9ce4f984aa0451431f06af63a1fcf771ae2560160ecf679d9e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3901abb1449ce9ce4f984aa0451431f06af63a1fcf771ae2560160ecf679d9e3
SHA3-384 hash: b37f6a447d9ce17b6b05c393c4ce7e64485cffa595a141298b71a97548147664da0f755f7a4b8bf97a415ef22201fba7
SHA1 hash: 96331732e32d42fe467f5f63cf6cebae70d70941
MD5 hash: da5f3c133cc05ee9e4f6c47cfee2e581
humanhash: texas-pasta-wolfram-jupiter
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'017 bytes
First seen:2025-07-09 08:50:35 UTC
Last seen:2025-07-09 20:34:42 UTC
File type: sh
MIME type:text/plain
ssdeep 12:BBx+y5cArE+y5NI+3BEA+yiTKRiH+yFNZIq+y8Qi+yDTNPcw+yHg+yZB0KA+ylzP:B9y5NI67oKkFN+y8rXhUbU733Vxxn
TLSH T12411AAFF9391250B00B88FC634A94605E645C2DBE46E4B3DBE8C8DAB56CDA047058F8F
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://45.138.16.35/bins/morte.arm0366f0ad2dbe401e6eb8bfe94197b68feb50555ea7f18580edaefb10d2217be1 Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.arm5ae45041ed0905f227e9c0cf60caaa85442ae2a2d50b3deb981669032a4969b4a Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.arm6a92987877b39d6c9c89b355009924e00594871b1fd95ff0b3fdac40538476f91 Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.arm79a0dc5cbb09dcb13f3168afa62ab90422904df9857e8648ac0a6dc446ded3c9c Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.m68kc9f49bb9be7a2de4496fe53b9e7aeeb481eb0675d35db07aec012e5d93430ec4 Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.mips2abfda331a0d2578720099a5e419e16fa54cf72f5e2f07ba5d50101815d535f6 Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.mpsl44896c535e200ce8b71196b0413d8660e541586a272bd430e1579337281bc34a Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.ppca462773601a873b72af5e8590f08d66fb1ca53c906b0593401448cbca0c42c22 Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.sh49c264aee96aa8937d2b7d8accada27b5dbb4c3eac257fb055f8b13c8a16d06be Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.spcf6293cce1ed1fe65837e30ecb24e4687b85ac03e0c0920788266cd4a3f8a0a3a Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.x86491501ada8e776460fee2439203f5d607de9094202f32fa549f3a4fbaabaa9c1 Miraielf mirai ua-wget
http://45.138.16.35/bins/morte.x86_64454ec3218663dcc6a0c43a96d6a487b3a8288e34bca3f7c8768e0c44a17b040d Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
25
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=686e2d9e900df8e7f868eed8linux22vpnfull_triage
Tags:
downloader trojan agent
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/a0177d18-7b53-4669-aeeb-70108d69c1c3
Behavior Graph:
Download SVG
%3 guuid=61d32663-1a00-0000-239c-2875e30b0000 pid=3043 /usr/bin/sudo guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051 /tmp/sample.bin guuid=61d32663-1a00-0000-239c-2875e30b0000 pid=3043->guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051 execve guuid=a0452266-1a00-0000-239c-2875ed0b0000 pid=3053 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=a0452266-1a00-0000-239c-2875ed0b0000 pid=3053 execve guuid=83978a6d-1a00-0000-239c-2875030c0000 pid=3075 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=83978a6d-1a00-0000-239c-2875030c0000 pid=3075 execve guuid=d914f46d-1a00-0000-239c-2875040c0000 pid=3076 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=d914f46d-1a00-0000-239c-2875040c0000 pid=3076 clone guuid=c2ddbb6e-1a00-0000-239c-2875090c0000 pid=3081 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=c2ddbb6e-1a00-0000-239c-2875090c0000 pid=3081 execve guuid=6b89f574-1a00-0000-239c-2875160c0000 pid=3094 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=6b89f574-1a00-0000-239c-2875160c0000 pid=3094 execve guuid=57868d75-1a00-0000-239c-2875190c0000 pid=3097 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=57868d75-1a00-0000-239c-2875190c0000 pid=3097 clone guuid=e7802776-1a00-0000-239c-28751d0c0000 pid=3101 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=e7802776-1a00-0000-239c-28751d0c0000 pid=3101 execve guuid=aabd2a7c-1a00-0000-239c-28752f0c0000 pid=3119 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=aabd2a7c-1a00-0000-239c-28752f0c0000 pid=3119 execve guuid=c877af7c-1a00-0000-239c-2875310c0000 pid=3121 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=c877af7c-1a00-0000-239c-2875310c0000 pid=3121 clone guuid=9092327d-1a00-0000-239c-2875340c0000 pid=3124 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=9092327d-1a00-0000-239c-2875340c0000 pid=3124 execve guuid=c354b484-1a00-0000-239c-2875490c0000 pid=3145 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=c354b484-1a00-0000-239c-2875490c0000 pid=3145 execve guuid=d5420685-1a00-0000-239c-28754b0c0000 pid=3147 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=d5420685-1a00-0000-239c-28754b0c0000 pid=3147 clone guuid=c4e69785-1a00-0000-239c-28754f0c0000 pid=3151 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=c4e69785-1a00-0000-239c-28754f0c0000 pid=3151 execve guuid=964f4b8d-1a00-0000-239c-2875640c0000 pid=3172 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=964f4b8d-1a00-0000-239c-2875640c0000 pid=3172 execve guuid=69d5888d-1a00-0000-239c-2875660c0000 pid=3174 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=69d5888d-1a00-0000-239c-2875660c0000 pid=3174 clone guuid=221b058e-1a00-0000-239c-2875690c0000 pid=3177 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=221b058e-1a00-0000-239c-2875690c0000 pid=3177 execve guuid=463bba93-1a00-0000-239c-2875720c0000 pid=3186 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=463bba93-1a00-0000-239c-2875720c0000 pid=3186 execve guuid=61453494-1a00-0000-239c-2875740c0000 pid=3188 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=61453494-1a00-0000-239c-2875740c0000 pid=3188 clone guuid=336a2895-1a00-0000-239c-2875780c0000 pid=3192 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=336a2895-1a00-0000-239c-2875780c0000 pid=3192 execve guuid=3168659b-1a00-0000-239c-2875810c0000 pid=3201 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=3168659b-1a00-0000-239c-2875810c0000 pid=3201 execve guuid=6da2b19b-1a00-0000-239c-2875830c0000 pid=3203 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=6da2b19b-1a00-0000-239c-2875830c0000 pid=3203 clone guuid=0081609c-1a00-0000-239c-2875850c0000 pid=3205 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=0081609c-1a00-0000-239c-2875850c0000 pid=3205 execve guuid=066ca9a2-1a00-0000-239c-28758c0c0000 pid=3212 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=066ca9a2-1a00-0000-239c-28758c0c0000 pid=3212 execve guuid=40f0f1a2-1a00-0000-239c-28758d0c0000 pid=3213 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=40f0f1a2-1a00-0000-239c-28758d0c0000 pid=3213 clone guuid=c655fea4-1a00-0000-239c-28758f0c0000 pid=3215 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=c655fea4-1a00-0000-239c-28758f0c0000 pid=3215 execve guuid=18bb58ad-1a00-0000-239c-2875900c0000 pid=3216 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=18bb58ad-1a00-0000-239c-2875900c0000 pid=3216 execve guuid=bdc5b8ad-1a00-0000-239c-2875910c0000 pid=3217 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=bdc5b8ad-1a00-0000-239c-2875910c0000 pid=3217 clone guuid=215970ae-1a00-0000-239c-2875930c0000 pid=3219 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=215970ae-1a00-0000-239c-2875930c0000 pid=3219 execve guuid=47a23db6-1a00-0000-239c-28759c0c0000 pid=3228 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=47a23db6-1a00-0000-239c-28759c0c0000 pid=3228 execve guuid=39b584b6-1a00-0000-239c-28759e0c0000 pid=3230 /usr/bin/dash guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=39b584b6-1a00-0000-239c-28759e0c0000 pid=3230 clone guuid=c6b792b8-1a00-0000-239c-2875a50c0000 pid=3237 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=c6b792b8-1a00-0000-239c-2875a50c0000 pid=3237 execve guuid=5399c8be-1a00-0000-239c-2875b20c0000 pid=3250 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=5399c8be-1a00-0000-239c-2875b20c0000 pid=3250 execve guuid=f3550fbf-1a00-0000-239c-2875b30c0000 pid=3251 /home/sandbox/morte.x86 net guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=f3550fbf-1a00-0000-239c-2875b30c0000 pid=3251 execve guuid=2a67c2bf-1a00-0000-239c-2875b80c0000 pid=3256 /usr/bin/wget net send-data write-file guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=2a67c2bf-1a00-0000-239c-2875b80c0000 pid=3256 execve guuid=c427b6c5-1a00-0000-239c-2875c20c0000 pid=3266 /usr/bin/chmod guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=c427b6c5-1a00-0000-239c-2875c20c0000 pid=3266 execve guuid=d9b501c6-1a00-0000-239c-2875c30c0000 pid=3267 /home/sandbox/morte.x86_64 mprotect-exec net guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=d9b501c6-1a00-0000-239c-2875c30c0000 pid=3267 execve guuid=7913d53d-1b00-0000-239c-2875750d0000 pid=3445 /usr/bin/rm guuid=b657a165-1a00-0000-239c-2875eb0b0000 pid=3051->guuid=7913d53d-1b00-0000-239c-2875750d0000 pid=3445 execve e4e03298-99ea-5528-be32-6d1c712fc916 45.138.16.35:80 guuid=a0452266-1a00-0000-239c-2875ed0b0000 pid=3053->e4e03298-99ea-5528-be32-6d1c712fc916 send: 141B guuid=c2ddbb6e-1a00-0000-239c-2875090c0000 pid=3081->e4e03298-99ea-5528-be32-6d1c712fc916 send: 142B guuid=e7802776-1a00-0000-239c-28751d0c0000 pid=3101->e4e03298-99ea-5528-be32-6d1c712fc916 send: 142B guuid=9092327d-1a00-0000-239c-2875340c0000 pid=3124->e4e03298-99ea-5528-be32-6d1c712fc916 send: 142B guuid=c4e69785-1a00-0000-239c-28754f0c0000 pid=3151->e4e03298-99ea-5528-be32-6d1c712fc916 send: 142B guuid=221b058e-1a00-0000-239c-2875690c0000 pid=3177->e4e03298-99ea-5528-be32-6d1c712fc916 send: 142B guuid=336a2895-1a00-0000-239c-2875780c0000 pid=3192->e4e03298-99ea-5528-be32-6d1c712fc916 send: 142B guuid=0081609c-1a00-0000-239c-2875850c0000 pid=3205->e4e03298-99ea-5528-be32-6d1c712fc916 send: 141B guuid=c655fea4-1a00-0000-239c-28758f0c0000 pid=3215->e4e03298-99ea-5528-be32-6d1c712fc916 send: 141B guuid=215970ae-1a00-0000-239c-2875930c0000 pid=3219->e4e03298-99ea-5528-be32-6d1c712fc916 send: 141B guuid=c6b792b8-1a00-0000-239c-2875a50c0000 pid=3237->e4e03298-99ea-5528-be32-6d1c712fc916 send: 141B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=f3550fbf-1a00-0000-239c-2875b30c0000 pid=3251->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=57c9b5bf-1a00-0000-239c-2875b60c0000 pid=3254 /home/sandbox/morte.x86 guuid=f3550fbf-1a00-0000-239c-2875b30c0000 pid=3251->guuid=57c9b5bf-1a00-0000-239c-2875b60c0000 pid=3254 clone guuid=4f7fbbbf-1a00-0000-239c-2875b70c0000 pid=3255 /home/sandbox/morte.x86 delete-file dns net send-data zombie guuid=f3550fbf-1a00-0000-239c-2875b30c0000 pid=3251->guuid=4f7fbbbf-1a00-0000-239c-2875b70c0000 pid=3255 clone guuid=4f7fbbbf-1a00-0000-239c-2875b70c0000 pid=3255->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 30B 96fddf7d-a0d8-5efa-9fe5-4b09baec8f67 cnnetwork.uk:12121 guuid=4f7fbbbf-1a00-0000-239c-2875b70c0000 pid=3255->96fddf7d-a0d8-5efa-9fe5-4b09baec8f67 con guuid=5d4fc9bf-1a00-0000-239c-2875b90c0000 pid=3257 /home/sandbox/morte.x86 guuid=4f7fbbbf-1a00-0000-239c-2875b70c0000 pid=3255->guuid=5d4fc9bf-1a00-0000-239c-2875b90c0000 pid=3257 clone guuid=2a67c2bf-1a00-0000-239c-2875b80c0000 pid=3256->e4e03298-99ea-5528-be32-6d1c712fc916 send: 144B guuid=d9b501c6-1a00-0000-239c-2875c30c0000 pid=3267->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con f77ebf5e-2af7-5b09-86f4-388588a8b445 0.0.0.0:12121 guuid=d9b501c6-1a00-0000-239c-2875c30c0000 pid=3267->f77ebf5e-2af7-5b09-86f4-388588a8b445 con
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/3901abb1449ce9ce4f984aa0451431f06af63a1fcf771ae2560160ecf679d9e3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3901abb1449ce9ce4f984aa0451431f06af63a1fcf771ae2560160ecf679d9e3/
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-07-09 06:31:07 UTC
File Type:
Text (Shell)
AV detection:
13 of 38 (34.21%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hea2xmkettu44t4yjkqekfbr6bvpmoq7z53rvyswafqoz5tz3hrq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250709-ksdqjawthz/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3901abb1449ce9ce4f984aa0451431f06af63a1fcf771ae2560160ecf679d9e3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3901abb1449ce9ce4f984aa0451431f06af63a1fcf771ae2560160ecf679d9e3

(this sample)

Mirai

elf dab1bcac38e12cdeb1901afdc0d783d4e37ee4985bad95b2b2a1b1a93876bf20

Mirai

elf 05831bc25d19d0a78fc6572a0143dcadc70a22d9d2a1184ac0f4a2bde23c8b7a

  
URLhaus
https://urlhaus.abuse.ch/url/3579498/
  
Delivery method
Distributed via web download
  
Dropping
MD5 25f074af50202002ce65b03ad532e859
  
Dropping
SHA256 05831bc25d19d0a78fc6572a0143dcadc70a22d9d2a1184ac0f4a2bde23c8b7a

Comments