MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66411bdcdca634e494dba63c8075c6808b4850f18c4ba9acc5e4bfca5aab7dca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 66411bdcdca634e494dba63c8075c6808b4850f18c4ba9acc5e4bfca5aab7dca
SHA3-384 hash: c7757caf0c2946ecd479be3e22f98e8ad8532015e97a0709363ff42de016267002cb50a51a447c29064e154834d96ea0
SHA1 hash: 053cdf4a6eff20d6290c9f1b50fd7c033df588f4
MD5 hash: d14498f8219367ae5784e18eb0f533a9
humanhash: florida-iowa-nuts-batman
File name: wget1.sh
Signature: Mirai
File size: 1'129 bytes
First seen: 2025-07-03 04:27:58 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:7UGFUKmUSNI70UqKjUS+USU03U4tmUVU4yU4kvioSUzAozUI5ogUIDoVU6KgGUuO:vdHwd7HRjGV
TLSH T1BD21FBAD21301EB68914DD47F83343E8702EE5CDE6708F5639CF58B98C976807D50B4A
Magika: shell
Reporter: abuse_ch
Tags: sh
URL    Malware sample (SHA256 hash)    Signature    Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 17
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-07-03 04:28:23 UTC
File Type: Text (Shell)
AV detection: 14 of 37 (37.84%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 66411bdcdca634e494dba63c8075c6808b4850f18c4ba9acc5e4bfca5aab7dca (this sample)

Delivery method: Distributed via web download
