MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98dd77370e2edd0b513ce554c106d77566a3b415f396ce8682a3057491c8b0d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 98dd77370e2edd0b513ce554c106d77566a3b415f396ce8682a3057491c8b0d4
SHA3-384 hash: 165bdf35dabf14bd0cb918f5448647ee08fc4abec3a63476395c1228ecbe718a4b1429c41bede49f2fea1e8ee62b93fb
SHA1 hash: 8425979ada9cb1f3b187c8f329390ed9f002c33f
MD5 hash: dd92073166066dc806a4b9593123816b
humanhash: whiskey-river-floor-july
File name: giga.sh
Signature: Mirai
File size: 1'053 bytes
First seen: 2025-09-30 05:32:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:A+b+paeY+JNIQR+SvKe+s+k+Y+nj+J+r+tW/+W8v:CdNIAKFb8v
TLSH: T11D118BFD002992041A006F14705689396CBBF7FA62B39AF5547FE423A9CB5E07B21E35
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: ps1
First seen: 2025-09-30T02:52:00Z UTC
Last seen: 2025-09-30T02:52:00Z UTC
Hits: ~10
Detections: HEUR:Backdoor.Linux.Mirai.ba, HEUR:Backdoor.Linux.Mirai.b, HEUR:Backdoor.Linux.Mirai.au, HEUR:Trojan-Downloader.Shell.Agent.cl, HEUR:Exploit.Linux.CVE-2017-17215.a
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-09-30 05:33:30 UTC
File Type: Text
AV detection: 20 of 38 (52.63%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 98dd77370e2edd0b513ce554c106d77566a3b415f396ce8682a3057491c8b0d4

(this sample)

  
Delivery method: Distributed via web download
