MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c689b08f6d2787258af7732facd62f2109f116b64d9a252447bac630847f039. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 3c689b08f6d2787258af7732facd62f2109f116b64d9a252447bac630847f039
SHA3-384 hash: e96991b56561324c39015ebe1cc01d186ff1296fa8158731d0a50e9b64ea6a4fd0cfcd75eb48e4962db3be1e547dca4a
SHA1 hash: 73266fbfd95962339a3a5f513b897c30bf2e25f9
MD5 hash: 267140c11a4f037cec8dbd632a984b16
humanhash: utah-beryllium-red-lamp
File name: wget2.sh
Signature: Mirai
File size: 1'053 bytes
First seen: 2025-09-30 05:32:50 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:A+q+pas+JNIQo+SvK/+uK+l+vE14+ny+5K+a+tl+WoUv:oNIDKR57toUv
TLSH: T1E6118EF9001991091801AF1070DA08396DBBF7E65137DEF6547FE423A9DB9E03B25E35
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: ps1
First seen: 2025-09-30T02:52:00Z UTC
Last seen: 2025-09-30T02:52:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl HEUR:Exploit.Linux.CVE-2017-17215.a HEUR:Backdoor.Linux.Mirai.ba HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Mirai.au
Status: terminated
Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-09-30 05:33:31 UTC
File Type: Text
AV detection: 16 of 24 (66.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3c689b08f6d2787258af7732facd62f2109f116b64d9a252447bac630847f039

(this sample)

  
Delivery method: Distributed via web download
