MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5fa8d608a12f3218afec958883be6efbf33e37861cd4102b60d11fd4f0585c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: b5fa8d608a12f3218afec958883be6efbf33e37861cd4102b60d11fd4f0585c9
SHA3-384 hash: 7bef7572a8041b79cc0e095ff73fab226b73627e3886fc44539cefc4d37a686ac1ce995709f51d552732341704f81405
SHA1 hash: 26eb2d5b3d50af74be8fbf310f0de5792bc51c04
MD5 hash: cfc9ce5f67e4dafbd4ecb15e197884b7
humanhash: uranus-hotel-wisconsin-fruit
File name: w.sh
Signature: Mirai
File size: 1'033 bytes
First seen: 2025-10-06 19:04:02 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:6IjUamqUaiNNIl5zAUaL0LKjUa0taKAUai7nUaXeCUaXyUaUB6jUaefAUa4AUajx:dgP7JNI755KgdtBlfUtDcoghlXOR
TLSH: T10011A2DB23A1D162080C5DBCB03B9C3461C5E7D130AB8B0BE9CC98F57B869043626F1B
Magika: txt
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox
Status: terminated
Threat name: Linux.Trojan.Alevaul
Status: Malicious
First seen: 2025-10-06 19:17:06 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b5fa8d608a12f3218afec958883be6efbf33e37861cd4102b60d11fd4f0585c9

(this sample)

  
Delivery method: Distributed via web download

Comments