MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44f3b01c2fda8b4b157d200a32adaf833e8f3c36a3592d41d83149d3738febbc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

SHA256 hash: 44f3b01c2fda8b4b157d200a32adaf833e8f3c36a3592d41d83149d3738febbc
SHA3-384 hash: 3f26975522750c6c4fcbbd83ea07528c3d28bca2b5f39b160a801d198ba7f1831289eb1d32658b785de6ecebf71145fe
SHA1 hash: 1e027d1ab65f513008aa81431773a2b084a520b7
MD5 hash: f82ed7df05f264814a642a2c620ccfee
humanhash: cup-washington-crazy-table
File name: g
Download: download sample
Signature: Mirai
File size: 1'111 bytes
First seen: 2025-08-17 12:12:04 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:STqgKTa53mTubWFwkSSp7UB+ADwE3FRnF2dvR:S/KTu3Aw29SGMRwcdUR
TLSH: T1A02162A813132C2F571BBD6E3676EBC87253CBA098A81769D4C76635CACCE157032B1D
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://207.167.64.12/bins/flow.x86 | 0208a5de2be5d261010cc8d475702926b6441c0704cfef91c9d6fff0e9f831e6 | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.spc | dceb73de437137e751a85f1fc6f6549071e886d60e1eeaa0c60fc44d37a632ff | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.sh4 | 407585d915dfd478d210997600903649c80eafdb0ff89e6427c3232eb985eaba | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.ppc | 2f4baaa5ed764952485b2d4e510470a0982bbe2b4673c095ad3daea2eb8f631d | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.mpsl | 0527fbf5694db013c808451fd46d95e8db18f892d205323a2ef77a7fa9664a2f | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.mips | abd7cb42168dcd234a920c326f8988f9a9058c5cff548509f8be4d29b669ba76 | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.m68k | ffa75d143387e91c79ff318dc116391d35698ace5b41bdbf5de810cbb99ab923 | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.arm7 | 26e3c095af347e794e9faa0ad67c4aeddae75b2d9109b3e70435b4e91d131875 | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.arm6 | 7457bc7f31345875644d55a9284816fd6e4c5e0ea5368b7fbba61da9dc46bc51 | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.arm5 | 5e4030d0afcda52db7f8f9523a1dcef9fc340900e3a009571ed6e2a121797e8d | Mirai | censys elf mirai ua-wget
http://207.167.64.12/bins/flow.arm | f6be0134987bbfb7c727939b5312383f863d9af11739acb3d3cb594bb733c48a | Mirai | censys elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE

Vendor Threat Intelligence
Status: terminated
Behavior Graph: (rendered as an image on the page; the nodes and edges recoverable from it are listed here)
  /usr/bin/sudo (pid 2378) --execve--> /tmp/sample.bin (pid 2385)
  /tmp/sample.bin (pid 2385) --execve--> /usr/bin/wget [net, send-data, write-file], eleven times (pids 2387, 2402, 2432, 2472, 2510, 2575, 2666, 2738, 2806, 2856, 2893); each wget sends 141-142 B to 207.167.64.12:80
  /tmp/sample.bin (pid 2385) --execve--> /usr/bin/chmod, eleven times (pids 2399, 2425, 2467, 2507, 2570, 2661, 2732, 2802, 2851, 2887, 2957)
  /tmp/sample.bin (pid 2385) --clone--> /usr/bin/dash, ten times (pids 2427, 2469, 2508, 2571, 2662, 2734, 2803, 2853, 2889, 2959)
  /tmp/sample.bin (pid 2385) --execve--> /tmp/flow.x86 (pid 2400) [net]; pid 2400 connects to 8.8.8.8:53 and --clone--> /tmp/flow.x86 (pid 2401) [net, send-data, zombie]
  /tmp/flow.x86 (pid 2401) connects to 8.8.8.8:53 and sends 15 B to 207.167.64.12:1194
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-17 07:05:20 UTC
File Type: Text (Shell)
AV detection: 16 of 38 (42.11%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 44f3b01c2fda8b4b157d200a32adaf833e8f3c36a3592d41d83149d3738febbc (this sample)

Delivery method: Distributed via web download

Comments