MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51adeb891f0e65bc4346a6c8fc1813d4131b83e4192cfd65c9e06a23271a6d5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 51adeb891f0e65bc4346a6c8fc1813d4131b83e4192cfd65c9e06a23271a6d5f
SHA3-384 hash: ca03302eb6c42f624f906b5fa820b8ba9f95795ca718d092c08c355601d9232411f4e532d16bce535de106f681708782
SHA1 hash: 430701c31c9b99fca416f10a3762d3b6715553bf
MD5 hash: 7fc5324fac4dc1bb8d40e5e2b28266b6
humanhash: green-fix-seven-kansas
File name: wget.sh
Signature: Mirai
File size: 706 bytes
First seen: 2025-06-25 19:10:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:lp4KX/NIl5Tk0LKIX3DObvpXxIKSTztN2tO3Djv:LlNI7LKIjOpBbGtsqjv
TLSH: T19101F8CE64229641052DDE10F3678E775405EAC522600F69A9560CF69CDE7203E77FC7
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads :
1
# of downloads :
101
Origin country :
DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Tags:
trojan mirai agent virus
Status:
terminated
Threat name:
Script-Shell.Worm.Mirai
Status:
Malicious
First seen:
2025-06-25 18:10:28 UTC
File Type:
Text (Shell)
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 51adeb891f0e65bc4346a6c8fc1813d4131b83e4192cfd65c9e06a23271a6d5f

(this sample)

Comments