MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6010f6bf3e01aa2eb6aca0e9ab33a238aac800370e2f241b2c328f5854cf62d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 6010f6bf3e01aa2eb6aca0e9ab33a238aac800370e2f241b2c328f5854cf62d7
SHA3-384 hash: 00f08ffbb1851c7dce3ce169cbcde92b2c9fee906591220f249224a573e3938bd77670b91e3bc94248d20f36f4c88beb
SHA1 hash: b3ef1a2fc0f9fb3cf53edade293c6da9861e2574
MD5 hash: 6f14df205f149bec832281399452d757
humanhash: mango-fruit-football-uniform
File name: wget.sh
Signature: Mirai
File size: 886 bytes
First seen: 2025-07-17 11:11:29 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:gnTYiHnTY34KXHnTYhNIl5THnTYq0LKIXHnfKObHnf2pXHnfoIHnRSTHn0TtNHnC:I5SJKNI7XiKIylpQ2zTtkdjv
TLSH T1F3115ECEA01A1C491B01CF01B47BD833D04FC5C5F37AABA96E75587B81865627364B67
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-07-17 08:49:15 UTC
File Type: Text (Shell)
AV detection: 11 of 38 (28.95%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
