MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad59ecaaabfac1ac91c471b2d3092427308fb4cf58dabf0a179ec65818606f65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Mirai
Vendor detections: 7

SHA256 hash: ad59ecaaabfac1ac91c471b2d3092427308fb4cf58dabf0a179ec65818606f65
SHA3-384 hash: 65f00beb52ad3886f55d2e3de88a0ad194dd73396d2ee8724a01cd4d5b61d7f2339135bc059e7a5c64c16b4ea894d91b
SHA1 hash: e2d05acd16ca82b519322322fa529303c15cc194
MD5 hash: 4727ef0c7c0c3a6bdc28585d644565e1
humanhash: missouri-freddie-whiskey-ink
File name: c.sh
Signature: Mirai
File size: 1'089 bytes
First seen: 2025-10-01 23:04:28 UTC
Last seen: 2025-10-05 14:50:35 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:3J3HqxHoaLxHWNIQQAxH7vK2HxHtKAxHbHxHVxHg5xHoHxHIcAxHu3AxHJzAUn:3J3BNIeK7N8SuAdn
TLSH: T1231112F82065512A2318AB11B06E89396CF7F7E260329DF0907FE42361CB2917722F36
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 2
# of downloads: 51
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-10-01T19:37:00Z UTC
Last seen: 2025-10-01T20:25:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-02 00:35:25 UTC
AV detection: 13 of 38 (34.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: ad59ecaaabfac1ac91c471b2d3092427308fb4cf58dabf0a179ec65818606f65 (this sample)

Delivery method
Distributed via web download

Comments