MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ac61cfcbf4834a7da7e28af8ffdbf33288df84d4eae9c7ef24ad7962f7088bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai

Vendor detections: 5

SHA256 hash: 3ac61cfcbf4834a7da7e28af8ffdbf33288df84d4eae9c7ef24ad7962f7088bd
SHA3-384 hash: 06c19500838cf13e7fbd22b6ab9c1b33e5bd32437f113bd4bb36a56163dfd0193220162b6fee3155606ce1e4a11459a3
SHA1 hash: c1b59cb3807aa5d20a21ffde5cf49e0e0a9fe8c8
MD5 hash: 2f12d4a10903d926082f51dbca0fa68a
humanhash: leopard-texas-batman-moon
File name: wget.sh
Signature: Mirai
File size: 822 bytes
First seen: 2025-08-23 06:14:34 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:CLh3CYbrNIl5e40LKuK+OFC3jMKZTtjneSOZMXt9YKRb7Vn:7YvNI7sKV+ICjTT5el2tOsVn
TLSH: T1F90103DE6A32777686088F69B3674C449026B9D032F50F1AFEC61C72CCD55003135E79
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 23
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-08-23T01:33:00Z UTC
Last seen: 2025-08-23T01:33:00Z UTC
Hits: ~10
Status: terminated
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-08-23 06:16:00 UTC
File Type: Text (Shell)
AV detection: 20 of 38 (52.63%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Mirai, sh 3ac61cfcbf4834a7da7e28af8ffdbf33288df84d4eae9c7ef24ad7962f7088bd (this sample)

Delivery method: Distributed via web download

Comments