MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af74402e15b9895822d079ffd0769ba62e600b133284a6177244b00bf685ae18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: af74402e15b9895822d079ffd0769ba62e600b133284a6177244b00bf685ae18
SHA3-384 hash: 215146ce23ad2b14e8a66ac031751275b8c46e89ddcd25ac31299117031167cd14b0b50eaa7121112c87ae38613ee4b9
SHA1 hash: 868eff71aa9aabf25f8a84ae9a44b32337baaebf
MD5 hash: faf48717f17e684b85485325f265b7aa
humanhash: six-violet-fruit-fix
File name: w.sh
Signature: Mirai
File size: 931 bytes
First seen: 2025-10-18 05:50:42 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:B0FYEcyNI7eKKuH+RQj7YTjFlaYt39aG96R:B0FY9reKfeRQXsjCC9a46
TLSH: T1E711A2CF96F1627204D04FB474A6C96C946A97C0358CCF5E9C8C08BAD5D5D74B32AEAC
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Status: terminated
Threat name: Linux.Worm.Mirai
Status: Malicious
First seen: 2025-10-18 05:54:38 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
