MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65c2fd86d21ed67ea615fc1df3192c69628da7693127529fdc4adb5cde6322b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 65c2fd86d21ed67ea615fc1df3192c69628da7693127529fdc4adb5cde6322b5
SHA3-384 hash: 9b29b4010d09788f32ed67c3f8a1c0f6ecc51453f51c4ccd22aa47c41717ccc5d9618fe01e9fb1d32b7e261ad2d30094
SHA1 hash: 1dd625043addcc8f81587a75848cb44aa6c53293
MD5 hash: 48b3b02f8f83c4af5ca36ded5bb14016
humanhash: red-yellow-wyoming-eight
File name: wget.sh
Signature Mirai
File size: 822 bytes
First seen: 2025-10-18 17:11:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:VHyhAHvYMHUNIl5pH10LK5H1+OFVH+jMtHWTtjwH/SOZHHSt+HztHYMHAVn:zYhNI7aKH+I8jhT5wlUtECzn
TLSH T1E3015EDF23B160720485CE6460638C4C9924E3D0325BCB6BEDC488BBCDD9A40BA26F69
Magika shell
Reporter abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads :
1
# of downloads :
38
Origin country :
DE
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Verdict:
Malicious
File Type:
text
First seen:
2025-10-18T12:33:00Z UTC
Last seen:
2025-10-19T01:28:00Z UTC
Hits:
~10
Status:
terminated
Threat name:
Linux.Trojan.Vigorf
Status:
Malicious
First seen:
2025-10-18 17:13:36 UTC
File Type:
Text (Shell)
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 65c2fd86d21ed67ea615fc1df3192c69628da7693127529fdc4adb5cde6322b5

(this sample)

  
Delivery method
Distributed via web download
