MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c98f4faa381d2a66e7ec28f9a2517c8e066609de26e1fa04965824feb5187eaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c98f4faa381d2a66e7ec28f9a2517c8e066609de26e1fa04965824feb5187eaa
SHA3-384 hash: b14d7ab48d46630d7784c1c7cf96e172ab103816de2eb4f31103d3db56b1f34b7e26054b33c73371f016488c4fc46911
SHA1 hash: 4350416c93c45c3970d6a276484132cf2e97f739
MD5 hash: 091003df67e1aff3b486f7c5331cb1ea
humanhash: skylark-tennessee-missouri-july
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:648 bytes
First seen:2025-06-26 16:59:15 UTC
Last seen:2025-06-27 12:10:35 UTC
File type: sh
MIME type:text/plain
ssdeep 12:EURUKJUSNIl5PUf0LKOUSBU9U014U4tVR9UQBXU4BU:EURUKJUSNI7PUqKOUSBU9U0qU4tJUAU5
TLSH T144F0E8AE287175E64A399E56B0738754702C9ACDFA748F08A58F58BF8DD7B00342CF45
Magika txt
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://185.208.158.140/arm8271f1f986b352fff15ea4a77cc5fec53c1d9dcca742d4a9c9d2ab6891eab18a Miraielf gafgyt mirai ua-wget
http://185.208.158.140/arm5575ef1a01819dd1f1c2c0fb09b0001725599230fc4ce03d197b52751ff85a341 Miraielf mirai ua-wget
http://185.208.158.140/arm66402c8ac9e7bcc47f493ed249ef2b5a0e1b0b317e0dbd8012b61d3507c67fd0e Miraielf mirai ua-wget
http://185.208.158.140/arm737d405a2afcd051f24faa7d536ac292e28148575a2ee02766b92046f413a3c57 Miraielf mirai ua-wget
http://185.208.158.140/mips7b02048872ec82be36a7a9c28d8479a1c884a2df339416c822554211e6d5b05e Miraielf gafgyt mirai ua-wget
http://185.208.158.140/mipself0c4dc9e697cc34437766c67140cc210be04bd62997bf2ace3c389e3d9e32ff7 Miraielf mirai ua-wget
http://185.208.158.140/powerpccefd6e28cd1c138a151a1721dbbe1a53b410424b259179faa792fcc8063952ba Miraielf mirai ua-wget
http://185.208.158.140/sh4dfc72b2b40890a9747c242f69db7c4941794bf89c5ff0ef75dab6e1338c6cd6f Miraielf mirai ua-wget
http://185.208.158.140/sparc36eb14fd17bd36eb37ce29bdffe3109b88ffef2387f94647593d267b3214b134 Miraielf mirai ua-wget
http://185.208.158.140/x86_641d9f46542a855257b2a801c72449db0482435d1bb05cffccc0ad56a82e4631e6 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
3
# of downloads :
71
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=685d7da4b06783b9ebd842de
Tags:
n/a
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/dad25eea-1a56-457f-833a-db91b34a867b
Behavior Graph:
Download SVG
%3 guuid=d4b736ec-1700-0000-c2b1-7a2f020d0000 pid=3330 /usr/bin/sudo guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335 /tmp/sample.bin guuid=d4b736ec-1700-0000-c2b1-7a2f020d0000 pid=3330->guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335 execve guuid=9b9ed6ee-1700-0000-c2b1-7a2f080d0000 pid=3336 /usr/bin/wget net send-data write-file guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=9b9ed6ee-1700-0000-c2b1-7a2f080d0000 pid=3336 execve guuid=1c2548f6-1700-0000-c2b1-7a2f190d0000 pid=3353 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=1c2548f6-1700-0000-c2b1-7a2f190d0000 pid=3353 execve guuid=15208ff6-1700-0000-c2b1-7a2f1b0d0000 pid=3355 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=15208ff6-1700-0000-c2b1-7a2f1b0d0000 pid=3355 clone guuid=ae3354f7-1700-0000-c2b1-7a2f1d0d0000 pid=3357 /usr/bin/wget net send-data write-file guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=ae3354f7-1700-0000-c2b1-7a2f1d0d0000 pid=3357 execve guuid=232b13fe-1700-0000-c2b1-7a2f300d0000 pid=3376 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=232b13fe-1700-0000-c2b1-7a2f300d0000 pid=3376 execve guuid=9b8c65fe-1700-0000-c2b1-7a2f320d0000 pid=3378 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=9b8c65fe-1700-0000-c2b1-7a2f320d0000 pid=3378 clone guuid=83ebddfe-1700-0000-c2b1-7a2f360d0000 pid=3382 /usr/bin/wget net send-data write-file guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=83ebddfe-1700-0000-c2b1-7a2f360d0000 pid=3382 execve guuid=94d5ee05-1800-0000-c2b1-7a2f3b0d0000 pid=3387 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=94d5ee05-1800-0000-c2b1-7a2f3b0d0000 pid=3387 execve guuid=c52b2f06-1800-0000-c2b1-7a2f3c0d0000 pid=3388 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=c52b2f06-1800-0000-c2b1-7a2f3c0d0000 pid=3388 clone guuid=58a5da06-1800-0000-c2b1-7a2f3e0d0000 pid=3390 /usr/bin/wget net send-data guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=58a5da06-1800-0000-c2b1-7a2f3e0d0000 pid=3390 execve guuid=6887960a-1800-0000-c2b1-7a2f420d0000 pid=3394 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=6887960a-1800-0000-c2b1-7a2f420d0000 pid=3394 execve guuid=ed3fd90a-1800-0000-c2b1-7a2f430d0000 pid=3395 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=ed3fd90a-1800-0000-c2b1-7a2f430d0000 pid=3395 clone guuid=edc9df0a-1800-0000-c2b1-7a2f440d0000 pid=3396 /usr/bin/wget net send-data write-file guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=edc9df0a-1800-0000-c2b1-7a2f440d0000 pid=3396 execve guuid=c616b912-1800-0000-c2b1-7a2f610d0000 pid=3425 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=c616b912-1800-0000-c2b1-7a2f610d0000 pid=3425 execve guuid=a67def12-1800-0000-c2b1-7a2f620d0000 pid=3426 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=a67def12-1800-0000-c2b1-7a2f620d0000 pid=3426 clone guuid=f1e9fc13-1800-0000-c2b1-7a2f680d0000 pid=3432 /usr/bin/wget net send-data write-file guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=f1e9fc13-1800-0000-c2b1-7a2f680d0000 pid=3432 execve guuid=c9ee4d1c-1800-0000-c2b1-7a2f880d0000 pid=3464 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=c9ee4d1c-1800-0000-c2b1-7a2f880d0000 pid=3464 execve guuid=6d4e841c-1800-0000-c2b1-7a2f8a0d0000 pid=3466 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=6d4e841c-1800-0000-c2b1-7a2f8a0d0000 pid=3466 clone guuid=280d071d-1800-0000-c2b1-7a2f8e0d0000 pid=3470 /usr/bin/wget net send-data guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=280d071d-1800-0000-c2b1-7a2f8e0d0000 pid=3470 execve guuid=e51ea620-1800-0000-c2b1-7a2f9b0d0000 pid=3483 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=e51ea620-1800-0000-c2b1-7a2f9b0d0000 pid=3483 execve guuid=1ceae820-1800-0000-c2b1-7a2f9d0d0000 pid=3485 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=1ceae820-1800-0000-c2b1-7a2f9d0d0000 pid=3485 clone guuid=c362f120-1800-0000-c2b1-7a2f9f0d0000 pid=3487 /usr/bin/wget net send-data write-file guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=c362f120-1800-0000-c2b1-7a2f9f0d0000 pid=3487 execve guuid=e5e37427-1800-0000-c2b1-7a2fb20d0000 pid=3506 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=e5e37427-1800-0000-c2b1-7a2fb20d0000 pid=3506 execve guuid=a73bb127-1800-0000-c2b1-7a2fb30d0000 pid=3507 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=a73bb127-1800-0000-c2b1-7a2fb30d0000 pid=3507 clone guuid=1e7eae28-1800-0000-c2b1-7a2fb50d0000 pid=3509 /usr/bin/wget net send-data guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=1e7eae28-1800-0000-c2b1-7a2fb50d0000 pid=3509 execve guuid=085ca52d-1800-0000-c2b1-7a2fbe0d0000 pid=3518 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=085ca52d-1800-0000-c2b1-7a2fbe0d0000 pid=3518 execve guuid=0316e12d-1800-0000-c2b1-7a2fbf0d0000 pid=3519 /usr/bin/dash guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=0316e12d-1800-0000-c2b1-7a2fbf0d0000 pid=3519 clone guuid=8d21e82d-1800-0000-c2b1-7a2fc00d0000 pid=3520 /usr/bin/wget net send-data write-file guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=8d21e82d-1800-0000-c2b1-7a2fc00d0000 pid=3520 execve guuid=0e949634-1800-0000-c2b1-7a2fcd0d0000 pid=3533 /usr/bin/chmod guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=0e949634-1800-0000-c2b1-7a2fcd0d0000 pid=3533 execve guuid=2ea70535-1800-0000-c2b1-7a2fce0d0000 pid=3534 /home/sandbox/x86_64 net guuid=9f469aee-1700-0000-c2b1-7a2f070d0000 pid=3335->guuid=2ea70535-1800-0000-c2b1-7a2fce0d0000 pid=3534 execve d7a8a074-3c0d-5bba-86a5-987a33f76043 185.208.158.140:80 guuid=9b9ed6ee-1700-0000-c2b1-7a2f080d0000 pid=3336->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 133B guuid=ae3354f7-1700-0000-c2b1-7a2f1d0d0000 pid=3357->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 134B guuid=83ebddfe-1700-0000-c2b1-7a2f360d0000 pid=3382->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 134B guuid=58a5da06-1800-0000-c2b1-7a2f3e0d0000 pid=3390->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 134B guuid=edc9df0a-1800-0000-c2b1-7a2f440d0000 pid=3396->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 134B guuid=f1e9fc13-1800-0000-c2b1-7a2f680d0000 pid=3432->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 136B guuid=280d071d-1800-0000-c2b1-7a2f8e0d0000 pid=3470->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 137B guuid=c362f120-1800-0000-c2b1-7a2f9f0d0000 pid=3487->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 133B guuid=1e7eae28-1800-0000-c2b1-7a2fb50d0000 pid=3509->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 135B guuid=8d21e82d-1800-0000-c2b1-7a2fc00d0000 pid=3520->d7a8a074-3c0d-5bba-86a5-987a33f76043 send: 136B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=2ea70535-1800-0000-c2b1-7a2fce0d0000 pid=3534->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=975c2635-1800-0000-c2b1-7a2fcf0d0000 pid=3535 /home/sandbox/x86_64 dns net send-data zombie guuid=2ea70535-1800-0000-c2b1-7a2fce0d0000 pid=3534->guuid=975c2635-1800-0000-c2b1-7a2fcf0d0000 pid=3535 clone guuid=975c2635-1800-0000-c2b1-7a2fcf0d0000 pid=3535->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 29B 41eddc72-81b4-5704-b6ae-07075042401d bot.vac.lol:38241 guuid=975c2635-1800-0000-c2b1-7a2fcf0d0000 pid=3535->41eddc72-81b4-5704-b6ae-07075042401d send: 14B guuid=f0f72f35-1800-0000-c2b1-7a2fd00d0000 pid=3536 /home/sandbox/x86_64 guuid=975c2635-1800-0000-c2b1-7a2fcf0d0000 pid=3535->guuid=f0f72f35-1800-0000-c2b1-7a2fd00d0000 pid=3536 clone guuid=f5d13335-1800-0000-c2b1-7a2fd10d0000 pid=3537 /home/sandbox/x86_64 net net-scan send-data guuid=975c2635-1800-0000-c2b1-7a2fcf0d0000 pid=3535->guuid=f5d13335-1800-0000-c2b1-7a2fd10d0000 pid=3537 clone guuid=1fbf3935-1800-0000-c2b1-7a2fd20d0000 pid=3538 /home/sandbox/x86_64 net net-scan send-data guuid=975c2635-1800-0000-c2b1-7a2fcf0d0000 pid=3535->guuid=1fbf3935-1800-0000-c2b1-7a2fd20d0000 pid=3538 clone guuid=f5d13335-1800-0000-c2b1-7a2fd10d0000 pid=3537->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=f5d13335-1800-0000-c2b1-7a2fd10d0000 pid=3537|send-data send-data to 4097 IP addresses review logs to see them all guuid=f5d13335-1800-0000-c2b1-7a2fd10d0000 pid=3537->guuid=f5d13335-1800-0000-c2b1-7a2fd10d0000 pid=3537|send-data send guuid=1fbf3935-1800-0000-c2b1-7a2fd20d0000 pid=3538->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con dfde47cf-37d6-5de4-984b-3960269a06b0 145.220.177.149:23 guuid=1fbf3935-1800-0000-c2b1-7a2fd20d0000 pid=3538->dfde47cf-37d6-5de4-984b-3960269a06b0 send: 40B guuid=1fbf3935-1800-0000-c2b1-7a2fd20d0000 pid=3538|send-data send-data to 4097 IP addresses review logs to see them all guuid=1fbf3935-1800-0000-c2b1-7a2fd20d0000 pid=3538->guuid=1fbf3935-1800-0000-c2b1-7a2fd20d0000 pid=3538|send-data send
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/c98f4faa381d2a66e7ec28f9a2517c8e066609de26e1fa04965824feb5187eaa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c98f4faa381d2a66e7ec28f9a2517c8e066609de26e1fa04965824feb5187eaa/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/c98f4faa381d2a66e7ec28f9a2517c8e066609de26e1fa04965824feb5187eaa
Threat name:
Script-Shell.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-06-26 17:00:45 UTC
File Type:
Text (Shell)
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zghu7kryduvgnz7mfd42eul4rydgmco6e3q7ubewlasp5niyp2va._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250626-vhng4awtct/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c98f4faa381d2a66e7ec28f9a2517c8e066609de26e1fa04965824feb5187eaa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh c98f4faa381d2a66e7ec28f9a2517c8e066609de26e1fa04965824feb5187eaa

(this sample)

19da04015acaedbae56e0a3ffa9e7f848c0a287d6307e23c898c7a5ff4b9af84

  
URLhaus
https://urlhaus.abuse.ch/url/3570300/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3570301/
  
Dropping
MD5 357b1387f396bfcc83dde25158b6ce8b
  
Dropping
SHA256 19da04015acaedbae56e0a3ffa9e7f848c0a287d6307e23c898c7a5ff4b9af84
  
URLhaus
https://urlhaus.abuse.ch/url/3570299/
  
URLhaus
https://urlhaus.abuse.ch/url/3570302/

Comments