MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da754d508fc3b9fae262594bd8551c34daf957552f5ec61e5a7d45b1fd47777d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai

Vendor detections: 6

SHA256 hash: da754d508fc3b9fae262594bd8551c34daf957552f5ec61e5a7d45b1fd47777d
SHA3-384 hash: d5038e0226329c76b0d0972ef7e79f66cdb9840f3b2caca251754a0b15a1effe9475e9aecc54792e2087a901f1324f9c
SHA1 hash: d45af0283b35587253fe2e9958006daef83ffca1
MD5 hash: afac81170d9bb2a4b663041e66a25ce9
humanhash: rugby-earth-mexico-india
File name: x86.sh
Signature: Mirai
File size: 1'146 bytes
First seen: 2025-11-16 19:20:31 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:AxoaqWNIQkD7vKCScDvSp3g0cSsMDufDJb1v:8NIxKCJ74QPthv
TLSH: T1D621E4FA2019512652087B11B16A48366CBBF7E270729EF454BFE42351CF5D03B23E76
Magika: txt
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.62/UnHAnaAW.arm | 22902a825f4b5e45d050e75fd997518f670dcc1ed147719e025a97334e1fcd91 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm5 | 4bab044accc55cd8b091514d74bfb44eaaea95272ee653e93948925e24b25c7a | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm6 | 9f32df4b92beb06bfed9f04284c434379715cfcba0a62fa6bd568928c146dfd4 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.arm7 | 51bb3572999cd4a4b25fd0cc06b061674df3373767c789ceff16b677a2e4bdc5 | Mirai | arm elf geofenced mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.sh4 | 139cf5e5c3b4a3175dfda683eaefe4e6bd5310afa3d6d679363a224a6c69feea | Mirai | elf geofenced mirai opendir SuperH ua-wget USA
http://213.209.143.62/UnHAnaAW.ppc | 74e244774df73843123066181b2bb2ee1b7a62fedc22e6e936adc6e21307e42c | Mirai | elf geofenced mirai opendir PowerPC ua-wget USA
http://213.209.143.62/UnHAnaAW.mips | 1aeffd0f72ac38ac1af0f86a925957eb88cff0184d6628b48ee9f452dcf8ce9c | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.mpsl | f91fa8a4c5e27570471adaa1d53a68ad32a4c38f8f9f12d74bbf5614b3baaf14 | Mirai | elf geofenced mips mirai opendir ua-wget USA
http://213.209.143.62/UnHAnaAW.spc | b19d8245d8adeb27944deefd2ae7662e4bda0c3098c964e94b5326acbec78755 | Mirai | elf geofenced mirai opendir sparc ua-wget USA
http://213.209.143.62/UnHAnaAW.x86 | 42efa473fa16cd174a1394892b7163f4e47c0434d1138d120135451514465617 | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/UnHAnaAW.x86_64 | 5c4b64e559c1332e9f65c611909524c68ad73d63878cd6e36602c17303d0985b | Mirai | elf geofenced mirai opendir ua-wget USA x86
http://213.209.143.62/UnHAnaAW.i586 | n/a | n/a | elf

Intelligence

File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2025-11-16T16:47:00Z UTC
Last seen: 2025-11-17T10:20:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process and network summary of the rendered graph; node ids omitted):
- /usr/bin/sudo (pid 4954) execve /tmp/sample.bin (pid 4963)
- /tmp/sample.bin (pid 4963) repeatedly execve's /usr/bin/wget (net, send-data, write-file; pids 4965, 4999, 5023, 5053, 5078, 5103, 5117, 5133, 5156, 5174, 5195, 5207) and /usr/bin/chmod, clones /usr/bin/dash, execve's /home/sandbox/UnHAnaAW.x86 (pid 5191, net) and finally /usr/bin/rm (pid 5227, delete-file)
- each wget process sends 141-144 B to 213.209.143.62:80
- UnHAnaAW.x86 (pid 5191) connects to 8.8.8.8:53 and clones pids 5192, 5193 and 5194 (net, send-data, zombie)
- pid 5194 sends 21 B to 213.209.143.62:1024 and clones children flagged net, net-scan, send-data (pids 5196-5201, 5319); pids 5199, 5310 and 5314 also connect to 213.209.143.62:1024 and clone further net-scan children (pids 5311-5318, 5321, 5322)
- each net-scan child connects to 8.8.8.8:53 and sends data to 4097 IP addresses (40 B sends observed to 88.255.154.73:80, 88.76.200.250:80, 62.192.142.159:8080 and 94.120.222.10:23); pid 5319 connects to 45.133.73.125:52219
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-11-16 19:21:21 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Mirai | sh | da754d508fc3b9fae262594bd8551c34daf957552f5ec61e5a7d45b1fd47777d (this sample)

Delivery method: Distributed via web download

Comments