MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d10a1e85a709853c51be6502ccebcd1966de2de2e3281380aca8edaf5301dea7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: d10a1e85a709853c51be6502ccebcd1966de2de2e3281380aca8edaf5301dea7
SHA3-384 hash: 099c4495931d5dbec9d6c80b97c1c72221bea4df34acfae86387c527b80049d14bf6722f150113da8e467c5750ca4f88
SHA1 hash: d8f9ee9fb0115208553ae07b51016b0a04a8d036
MD5 hash: 7b79f1f962860ddc02ef695fb602a9c3
humanhash: grey-lithium-dakota-july
File name: busybox.sh
Signature: Mirai
File size: 1'659 bytes
First seen: 2025-08-06 12:18:11 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:MNNkhjwNkMlHDjTm3LoaZyDa9bQN9NUD9nONkcZmrTNeV1lGN08:MTDllHvTOLocye9bQH+ZOxeTay/
TLSH: T10F31CDCB172002350191BF87BE76EFDD300B54D93B678BA99A5D503CB188E39E8D6748
Magika: shell
Reporter: abuse_ch
Tags: sh
IOCs: URLs associated with this sample

URL                                           Malware sample (SHA256 hash)                                                      Signature  Tags
http://67.211.216.57/hiddenbin/Space.arm      n/a                                                                               n/a        elf ua-wget
http://67.211.216.57/hiddenbin/Space.arm5     n/a                                                                               n/a        elf ua-wget
http://67.211.216.57/hiddenbin/Space.mpsl     n/a                                                                               n/a        elf ua-wget
http://67.211.216.57/hiddenbin/Space.x86_64   n/a                                                                               n/a        elf ua-wget
http://67.211.216.57/hiddenbin/Space.spc      n/a                                                                               n/a        elf
http://67.211.216.57/hiddenbin/Space.sh4      n/a                                                                               n/a        elf ua-wget
https://files.catbox.moe/wx6ux4.arm6          98f6eb636832e43224c90d5155a81449e55711d58730032b42b2cac6c22fd178                  Mirai      elf mirai ua-wget
https://files.catbox.moe/yif95i.arm7          106897c6d275b67781760a8367bad06f98f3fe8fc00e29f7926afe64fabaafb6                  Mirai      elf mirai ua-wget
https://files.catbox.moe/z9forn.mips          8f0484e010f85acfdffcfb315d89d0a9dfd61635d6e47453261e4bee5efe4359                  Mirai      elf mirai ua-wget
https://files.catbox.moe/o16ub7.x86           911b426670513d423cdf8710e673b8d0753ea34ba71b60bf78ac78f834c6c9ad                  Mirai      elf mirai ua-wget
https://files.catbox.moe/4ir09s.ppc           802b809fd820e3bfdb7ccd1f12e1d67800834563ebed30bf195c7baaf61b6f17                  Mirai      elf mirai ua-wget
https://files.catbox.moe/nxwi5i.m68k          58574f2a99d2d951a4f1384a2695d634635d79f68985dafefd69b573a222c6c6                  Mirai      elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive obfuscated
Status: terminated
Behavior Graph (rendered graph not recoverable; node and edge labels summarised):
Process tree: /usr/bin/sudo (pid 3437) execve /tmp/sample.bin (pid 3444). sample.bin repeatedly execve's /usr/bin/rm, /usr/bin/chmod and /usr/bin/busybox (tagged net, send-data, and on some runs dns, write-file) and clones /usr/bin/dash. Several busybox instances execve /usr/bin/openssl (tagged dns, net, send-data, zombie). sample.bin also execve's /tmp/Space.x86 (pid 4268, tagged net), which clones further /tmp/Space.x86 processes (pids 4271, 4272, 4273, 5153, 5154).
Network edges: busybox -> 67.211.216.57:80 (send: 95B to 98B); busybox and openssl -> 10.0.2.3:53 (send: 68B); openssl -> files.catbox.moe:443 (send: 924B to 925B); /tmp/Space.x86 -> 8.8.8.8:53 (con); /tmp/Space.x86 -> 67.211.216.57:3778 (send: 1368B and 1188B).
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.ShellAgnt
Status: Malicious
First seen: 2025-08-06 12:20:05 UTC
File Type: Text (Shell)
AV detection: 9 of 38 (23.68%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: sh
SHA256 hash: d10a1e85a709853c51be6502ccebcd1966de2de2e3281380aca8edaf5301dea7 (this sample)

Comments