MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b09ee575370f84317cdeeb18cd5471855595bb41c7d1ebca63389de0684d250. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 5b09ee575370f84317cdeeb18cd5471855595bb41c7d1ebca63389de0684d250
SHA3-384 hash: 3ac01b66fe72f1e50fd3790e2136429fdfcaf47a51dc65121b3f29225cb0d1c389c27322b01a592a15fdc3f5221352b8
SHA1 hash: aadf7fca005059064c5c64e1220c2160bb741cd6
MD5 hash: b66ab5f9992e31ff21d1d6f641ca3860
humanhash: kitten-march-cardinal-seven
File name: wget.sh
Signature: Mirai
File size: 798 bytes
First seen: 2025-10-19 06:34:19 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:J5O5CYA5rNI795LKt5K+IJ53je5ZT5k5elB5XtS5YB5RA55n:JcgYAs9B6ZIJxyf5ku26Bgj
TLSH: T1900125FF6A3171638604CE2560659CA4D026EAC832500B3A5CC61CB2D4DB710BBF7E6B
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-10-19T04:13:00Z UTC
Last seen: 2025-10-19T04:33:00Z UTC
Hits: ~10

Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-19 06:35:43 UTC
File Type: Text (Shell)
AV detection: 19 of 38 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mirai
sh 5b09ee575370f84317cdeeb18cd5471855595bb41c7d1ebca63389de0684d250 (this sample)

Delivery method: Distributed via web download
