MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96387a326a3dbea1e9f5ac20e8dbaba68ec070c59e4f21ef9bd68b4b9a97f0b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 96387a326a3dbea1e9f5ac20e8dbaba68ec070c59e4f21ef9bd68b4b9a97f0b6
SHA3-384 hash: 1897d55bfefb872750c34d5da78a11c6579ea3a974b58cd25752cf819bce9376ecff98d7eaedf6a92c76a3538c96d267
SHA1 hash: 80c0f34352927a55f79be17b9c2a249ddb12f67d
MD5 hash: 1f9ba9993f9fcb4b0f21cbf32757b8d3
humanhash: pennsylvania-pennsylvania-two-single
File name: wget.sh
Signature: Mirai
File size: 834 bytes
First seen: 2025-09-29 18:21:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:635LhF35CYZ35rNIl5W3540LKG35K+OF6353jMS35ZTtjV35eSOZU35Xtb35YS3p:HYfNI72K7+IwjnT52lgtCOln
TLSH: T1C40112DEB73162724D08CF64716B8C449134E2D8B2980F6A7DC91CB3C8D9601323DE79
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 41
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-09-29T11:35:00Z UTC
Last seen: 2025-09-29T11:35:00Z UTC
Hits: ~10
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-29 17:51:30 UTC
File Type: Text (Shell)
AV detection: 19 of 38 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 96387a326a3dbea1e9f5ac20e8dbaba68ec070c59e4f21ef9bd68b4b9a97f0b6 (this sample)

  
Delivery method: Distributed via web download
