MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b44c5ad633c0776d18960ce7161611b3936856a15cf131f26608aa564c511c66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: b44c5ad633c0776d18960ce7161611b3936856a15cf131f26608aa564c511c66
SHA3-384 hash: bbc9e1b34f91d0ddb09cf606594d2922c61bce3002b1b16a886ced57cc4529db4dec206f1ba05bca0e872a70ab60c7eb
SHA1 hash: 52e73042b3516977f0bcd4bc6e408a385b0f6d29
MD5 hash: af3376cf68a23cfed8005c41ffb49e09
humanhash: nitrogen-sink-illinois-william
File name: giga.sh
Download: download sample
Signature: Mirai
File size: 1'053 bytes
First seen: 2025-10-02 05:38:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:St5t+tEYoYYZEYst5t+tEYhXYhBEYMqt5t+tEYmGNI7Ym+SEYgt5t+tEYagYLKwj:AWoaeYWNIQR7vKepfngjsCuW/J8v
TLSH: T1DA115BFD2025522613006F14706689396CBBF7F260B29EF454BFE42355CB5D07722E75
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.62/UnHAnaAW.arm | 22902a825f4b5e45d050e75fd997518f670dcc1ed147719e025a97334e1fcd91 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm5 | 4bab044accc55cd8b091514d74bfb44eaaea95272ee653e93948925e24b25c7a | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm6 | 9f32df4b92beb06bfed9f04284c434379715cfcba0a62fa6bd568928c146dfd4 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm7 | 51bb3572999cd4a4b25fd0cc06b061674df3373767c789ceff16b677a2e4bdc5 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.sh4 | 139cf5e5c3b4a3175dfda683eaefe4e6bd5310afa3d6d679363a224a6c69feea | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
http://213.209.143.62/UnHAnaAW.ppc | 74e244774df73843123066181b2bb2ee1b7a62fedc22e6e936adc6e21307e42c | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA
http://213.209.143.62/UnHAnaAW.mips | 1aeffd0f72ac38ac1af0f86a925957eb88cff0184d6628b48ee9f452dcf8ce9c | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.mpsl | f91fa8a4c5e27570471adaa1d53a68ad32a4c38f8f9f12d74bbf5614b3baaf14 | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.spc | b19d8245d8adeb27944deefd2ae7662e4bda0c3098c964e94b5326acbec78755 | Mirai | elf geofenced mirai opendir sparc ua-wget USA
http://213.209.143.62/UnHAnaAW.x86 | 42efa473fa16cd174a1394892b7163f4e47c0434d1138d120135451514465617 | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/UnHAnaAW.x86_64 | 5c4b64e559c1332e9f65c611909524c68ad73d63878cd6e36602c17303d0985b | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/UnHAnaAW.i586 | n/a | n/a | elf

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: ps1
First seen: 2025-10-02T02:52:00Z UTC
Last seen: 2025-10-02T10:28:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (sandbox process and network graph, flattened in the original page; summarised here from the graph's own nodes and edges):
/usr/bin/sudo (pid 3036) execve -> /tmp/sample.bin (pid 3044)
/tmp/sample.bin (pid 3044) repeatedly execve /usr/bin/wget (net, send-data, write-file; pids 3046, 3070, 3090, 3116, 3135, 3155, 3171, 3198, 3214, 3220, 3248, 3979) and /usr/bin/chmod (pids 3064, 3084, 3110, 3129, 3150, 3168, 3193, 3211, 3216, 3242, 3257, 3993), and clones /usr/bin/dash (pids 3065, 3086, 3112, 3131, 3152, 3170, 3195, 3212, 3217, 3997). Each wget sends 141-144 B to 213.209.143.62:80 (pid 3979 only connects).
/tmp/sample.bin (pid 3044) execve -> /home/sandbox/UnHAnaAW.x86 (pid 3243, net) and /home/sandbox/UnHAnaAW.x86_64 (pid 3259, net); last child is /usr/bin/rm (pid 4001, delete-file).
/home/sandbox/UnHAnaAW.x86 (pid 3243): con 8.8.8.8:53; clones pids 3245, 3246 and 3247 (net, send-data, zombie). Pid 3247 sends 9 B to 213.209.143.62:1024 and clones pids 3249, 3250, 3251, 3252, 3254, 3255; the net-scan workers 3249, 3250, 3251 and 3255 send data to 160, 160, 1024 and 384 IP addresses respectively ("review logs to see them all").
/home/sandbox/UnHAnaAW.x86_64 (pid 3259): con 8.8.8.8:53 and 0.0.0.0:23455; clones pids 3975, 3976 and 3977 (net, send-data, zombie). Pid 3977 sends 13 B to 213.209.143.62:1024 and clones pids 3978, 3980, 3981, 3982, 3983, 3984; the net-scan workers 3978, 3980, 3981 and 3984 send data to 4097, 4096, 4097 and 4097 IP addresses, pid 3980 also sends 40 B to 95.100.161.132:80 and pid 3984 sends 40 B to 203.189.153.29:23; pid 3982 sends 9 B to 213.209.143.62:1024 and clones pids 5333 and 5334 (net-scan, 4097 IP addresses).
Later generations of UnHAnaAW.x86_64 (pid 3975 -> 5335, 5336; pid 5336 -> 5337..5342; pid 5340 -> 5343, 5344) keep connecting to 213.209.143.62:1024, and each net-scan worker (pids 5337, 5338, 5339, 5342, 5344) sends data to 4097 IP addresses.
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-10-02 05:46:29 UTC
File Type: Text
AV detection: 15 of 36 (41.67%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: b44c5ad633c0776d18960ce7161611b3936856a15cf131f26608aa564c511c66 (this sample)

Comments