MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a69afabccc7f9ed4623fceffa8e1aa51ca1d066ca8f21e55fb42d052acd3d8b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 6a69afabccc7f9ed4623fceffa8e1aa51ca1d066ca8f21e55fb42d052acd3d8b
SHA3-384 hash: 45f79eda47da698937abfbc7f5de18a503a4097030cfa4f0638a2fae68df1271ebf7aad72a9a5949152addaa68fa7204
SHA1 hash: 371293ac25141f6ce8c7faf7706ff5e17bbb04f2
MD5 hash: fc9c0e00ea0ec504959dd0b2ac9f86f9
humanhash: blue-rugby-mike-montana
File name: w.sh
Signature: Mirai
File size: 907 bytes
First seen: 2025-10-19 06:36:31 UTC
Last seen: 2025-10-20 06:05:36 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:35V5CYEe5rNI785LKM5K+H53jF5ZTd5elA5Xtp5YA5RL5fR:3HgYLs8BhZHxJfd1t6Arj
TLSH: T14D11EFFF6A6161634640CD656065D8B8D0269DC431400F6E5C8D0CB2E5D7F34B7B7E6D
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 52
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-19 06:37:39 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
