MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50a8f60a1b7b63309e771ae377cd52a564353e6f29d57b9b3ea2d457ffb4fb53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 50a8f60a1b7b63309e771ae377cd52a564353e6f29d57b9b3ea2d457ffb4fb53
SHA3-384 hash: 594897f8ba2530b5c38da2ed6c92502bda0fc865824ac68d5d695b8469a235d2a06f6ddffbba47f98e23981e83676282
SHA1 hash: c6f9e66646c8b45821f623edd0c67a2a6fba2fab
MD5 hash: ffa560bb93c5a1c2004ba98ddab59445
humanhash: earth-high-burger-yankee
File name: wget.sh
Signature: Mirai
File size: 1'065 bytes
First seen: 2025-10-10 18:20:23 UTC
Last seen: 2025-10-11 18:15:31 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:Ew9wQw6NIxwPKpwMLwCwywkSwMswEYwcLwNdv:/a7qj+t
TLSH: T1931103D92260515550086B30349B093A9FDFF3CAA0366AF4547ED827A0CF980BB28F3F
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2025-09-19T10:34:00Z UTC
Last seen: 2025-10-10T15:49:00Z UTC
Hits: ~10
Status: terminated

Verdict: Malicious
Threat: Document-HTML.Downloader.Heuristic
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-19 15:56:20 UTC
File Type: Text (Shell)
AV detection: 16 of 36 (44.44%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 50a8f60a1b7b63309e771ae377cd52a564353e6f29d57b9b3ea2d457ffb4fb53

(this sample)

  
Delivery method: Distributed via web download
