MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ac1ea9fb43533ce8e917583041b899b9d1d66033c6c2c02f21b756a191e82db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 4ac1ea9fb43533ce8e917583041b899b9d1d66033c6c2c02f21b756a191e82db
SHA3-384 hash: b90da9eee51d3a98c461ee887fee2e9fed7acf0cd2b5f7329074e786da0c338711410a242c901907b56b4793d34d8687
SHA1 hash: 16d19766ba50e3d5e1ddbad7ae8666812b2f6077
MD5 hash: 8cc9bcf3a3f205d80e3e05ce5690017d
humanhash: mango-two-nine-oscar
File name: w.sh
Signature Mirai
File size: 1'152 bytes
First seen: 2025-10-10 18:20:24 UTC
Last seen: 2025-10-11 08:07:05 UTC
File type: sh
MIME type: text/plain
ssdeep 24:qwrw2w6NIvwPKXwc50F9wgwkAwKwMZwMiwEOwdxn:/850BCJUx
TLSH T1DC2138D92290622450086B30349B493A8DDFF7C6602266F8547ED8B7A2CFD90FB25F3D
Magika csv
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai

Verdict: Malicious
File Type: text
First seen: 2025-09-24T16:04:00Z UTC
Last seen: 2025-09-24T20:16:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-09-22 22:55:14 UTC
File Type: Text (Shell)
AV detection: 16 of 34 (47.06%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
