MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f48d6335437d7ac78735f5bc9ecd3b4551ebeabba4fce1fb78aa105dbd530a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 5f48d6335437d7ac78735f5bc9ecd3b4551ebeabba4fce1fb78aa105dbd530a1
SHA3-384 hash: 55937a376920d8fd7146bb993816d25b9666b716add778ec8e00bcb5805f432f6b497bb99131fc2f6b64d1ff5a7c8097
SHA1 hash: e2ad5e3c16cbec12ae6b8648759bb8d844eea368
MD5 hash: 0122343442e2cf893a9e7d9578770245
humanhash: vegan-fourteen-lion-apart
File name: wget.sh
Signature: Mirai
File size: 705 bytes
First seen: 2025-11-15 21:15:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SGKMxxKnlxKjNNIl5HxKna0LKilxKZOvxKaNI9xK9NM5xKV/B0SHxKnFL5lxKGxL:MSNNIl5x0LKHOpe4NMlSutmzjB4n
TLSH: T1970112EE26A1637E0528CF18706688C47009CAC634711B1DAACA3FF29CD97093D12F6A
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-15T19:34:00Z UTC
Last seen: 2025-11-16T01:36:00Z UTC
Hits: ~10
Status: terminated

Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-11-15 19:53:42 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 5f48d6335437d7ac78735f5bc9ecd3b4551ebeabba4fce1fb78aa105dbd530a1

(this sample)

  
Delivery method
Distributed via web download
