MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f790f8504566bfc480cf246efe43638b05e4d59cbb674dfb53d3cce38193d64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 5f790f8504566bfc480cf246efe43638b05e4d59cbb674dfb53d3cce38193d64
SHA3-384 hash: 15273a4dd3c728c07f2e4a81fcfb5b95ff70f65e536f12db32de1698ce953d3f1ff0417b7a95113f220ee52b6bf39f62
SHA1 hash: cfd831b2faec3dcb74c302061afc2e281ae67ed4
MD5 hash: ea4676fca912575a2be28d7954eec1bf
humanhash: jersey-william-connecticut-alanine
File name: wget1.sh
File size: 1'042 bytes
First seen: 2025-06-26 22:46:47 UTC
Last seen: 2025-07-10 12:52:17 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:EURUKJUSNI7PUqKOUSBU9U0qU4tJUAU41oSUNozUIYogUIGoVU6KvGUuQtU6:fm5qiElg
TLSH: T12F1150AA286135E64E355E47F4334364B02E96CDEA208F04A98F58BECCD67003914B49
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 94
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-06-26 22:49:26 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Dropping: MD5 357b1387f396bfcc83dde25158b6ce8b
Dropping: SHA256 19da04015acaedbae56e0a3ffa9e7f848c0a287d6307e23c898c7a5ff4b9af84
