MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 463862b8da6b9c43324e33c29e6dc8b35aab4b985864522ffb0ad0f2e3660737. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 463862b8da6b9c43324e33c29e6dc8b35aab4b985864522ffb0ad0f2e3660737
SHA3-384 hash: afac0ee6e1e79d66df171743fe93642dc6218da37fe41f5c0f0b475114ed62b0661258a56694787d064ec0c878df06d1
SHA1 hash: 1a4775093ea7ee596d3f36da5e062653486b5125
MD5 hash: cab1c1b457bb930fffe9cdf27e5fca81
humanhash: skylark-angel-india-iowa
File name: wget1.sh
Signature: Mirai
File size: 1'078 bytes
First seen: 2025-07-02 04:29:18 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:7UyUKtMUSNI7sUqKJUSiUuU0FnU4t6U/nU4OU4kvnSoSUeozUIt7ogUIQ+oVU6KY:ntNoJnn/t5QdR
TLSH T19C118AAD243269A64D2A5F57F4134668702FD5CDE5718F1C294F98BACDD77003920B49
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 11
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: agent miner overt spam
Status: terminated
Behavior Graph:
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-07-02 04:30:30 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 463862b8da6b9c43324e33c29e6dc8b35aab4b985864522ffb0ad0f2e3660737

(this sample)

  
Delivery method
Distributed via web download

Comments