MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 575f466068e586249e2e25d9b90f45305226893e92fb5db04e4ea7d95391e61a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 575f466068e586249e2e25d9b90f45305226893e92fb5db04e4ea7d95391e61a
SHA3-384 hash: c67281bb4ccc55b3201319bc614a77d81cb7ebe9a4918494860a308979b1cd7f1edb94ed60f65a4a5d1e2817ae56a641
SHA1 hash: 06e2ac7b05052bd0b8d2e3dda6d718121bdc1c6c
MD5 hash: a083be4d216e8f2b8f8a3b31cd2267d0
humanhash: alabama-mobile-five-equal
File name: wget.sh
Signature: Mirai
File size: 822 bytes
First seen: 2025-10-18 05:53:24 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:X1FYayNI7DKKzH+IXQjcYT5WFl/Yt49/GaWn:X1FYarDKQeIXQYs5W339/pW
TLSH T1620156DFA2F1627204E48F7470A38D4C946AD3C0369CCF1ADCC8047AC4D5550B12DEA9
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-10-18T01:29:00Z UTC
Last seen: 2025-10-18T05:46:00Z UTC
Hits: ~10
Status: terminated
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-18 05:58:25 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 575f466068e586249e2e25d9b90f45305226893e92fb5db04e4ea7d95391e61a

(this sample)

Delivery method: Distributed via web download
