MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3eaee77ccf4bd95e51f8f69b632df63edc477a40ed7b2b15e4e156364ec26ac0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 3eaee77ccf4bd95e51f8f69b632df63edc477a40ed7b2b15e4e156364ec26ac0
SHA3-384 hash: f262fd7453e0f3bef5571575153af04ac654627585dcfef1dcc1f182d10372a6ce85f771a63d3f0380cc314e2f4faf53
SHA1 hash: 97198c50b6e2c1ed653d5b30fcf35c3b9e2ed12e
MD5 hash: b2d4b9007f86f2893cd74e3e3641c87e
humanhash: arizona-fanta-arkansas-fifteen
File name: wget.sh
Signature: Mirai
File size: 880 bytes
First seen: 2025-12-25 17:39:29 UTC
Last seen: 2025-12-26 13:05:59 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:zD3XiNIBS+JoKSrSxHXjMdl9AXn9oaTxyTF6thyrQkn:z7iNIIXKSrQ3wdl9A3936WOQkn
TLSH: T1FD11CEAD2190582988EACC0D32E90800A63FD58979619F38DDF9443740F7ABC7F6CE8D
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 49
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: bash lolbin mirai
Status: terminated

Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-25 16:02:16 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 3eaee77ccf4bd95e51f8f69b632df63edc477a40ed7b2b15e4e156364ec26ac0

(this sample)


Delivery method: Distributed via web download
