MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e23896b25a5a42da4b13a6947feab1ddde3c717286ed71fdbccc3c97b54aa800. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6



SHA256 hash: e23896b25a5a42da4b13a6947feab1ddde3c717286ed71fdbccc3c97b54aa800
SHA3-384 hash: 65f2cc2563b1cb7cf2f0f4341fca939c109771c47d39d155210e2a702c92dbafa3c7562c360352128cddcd030dd68cd0
SHA1 hash: b1523bfa20f0a6827ee0078de793796ee530fb90
MD5 hash: 332d235a20949850cf15586dcdedd476
humanhash: iowa-moon-apart-mirror
File name: example.sh
Signature: Mirai
File size: 2'555 bytes
First seen: 2025-08-11 07:36:17 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:8jC/G77B752QOHv2QOD1N1zL46446hH+aVz2pRDRA7f7g2J:8jEG77B74YxHh46446hH+aVz2pRDRA7x
TLSH: T1D55152C84061A8134ECC8E8DB1E9C069670A88E918CF7B68DC7E4C71CC9253CBD6B91E
Magika: shell
Reporter: abuse_ch
Tags: sh
URLs contacted by this sample (one row per URL; columns: URL | Malware sample (SHA256 hash) | Signature | Tags):

http://196.251.73.207/villain.arm | f07a1b83b81510743ee23761745ee45e645842913fb3120693e6e8c0d5bbf4fe | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget
http://196.251.73.207/villain.arm5 | 25ea8b89b18072591b655e094800584bd66cb10f8df6869db12dece8d40297ec | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget
http://196.251.73.207/villain.arm6 | 65645e8f98e512a5346eaf9439f5373484eb2cdae06a11e544c169945d433dd3 | Mirai | elf geofenced mirai ua-wget USA
http://196.251.73.207/villain.arm7 | 3d7320862218df8a838c54293ff5d2b2b586f8156a24afdb2663412eee5c7dfe | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget
http://196.251.73.207/villain.m68k | 913087cf423d053624f065971c179f32b695ad4187e10358672a4330de2cd0fd | Mirai | elf geofenced mirai ua-wget USA
http://196.251.73.207/villain.mips | 7a8729ab95a999bebf68d7d96bda025f87176ffed176fa54e882e46ac75472b4 | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget
http://196.251.73.207/villain.mpsl | b1c1b0123eb9d4b435ac38f13138b7800d8159636a938062c87530219edc2ff1 | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget
http://196.251.73.207/villain.ppc | 6c465b0ab802f25af21d28252dc3f33150b7ad9e45bbf00efc7d770ffca9a0cb | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget
http://196.251.73.207/villain.sh4 | af81e4f3b2621e6a67d6d9ea1617812ed0a750dbb5403e8473b58397ec908702 | Mirai | elf geofenced mirai ua-wget USA
http://196.251.73.207/villain.spc | n/a | n/a | n/a
http://196.251.73.207/villain.x86 | 923563cc83fc4423d54509112bd3db6047408fcc3ee5ee10cc5c89021ba34938 | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget
http://196.251.73.207/villain.x86_64 | 0e8b4e8de3614d75c8e00a0393298dfc657054468aa9ebd241d7cf385daf5859 | Mirai | 32-bit arm botnet botnet-killer elf malware mips mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph (process tree and network activity recorded by the sandbox, summarised from the rendered graph):
    /usr/bin/sudo (pid 3277) execve -> /tmp/sample.bin (pid 3285)
    /tmp/sample.bin runs repeated cycles of: execve /usr/bin/curl (net, send-data, write-file), execve /usr/bin/chmod, clone /usr/bin/dash, execve /usr/bin/busybox (net, send-data, write-file), execve /usr/bin/chmod, clone /usr/bin/dash
    Each curl and busybox child sends 88 to 90 bytes to 196.251.73.207:80 (the download host)
    Late in the run /tmp/sample.bin execve's /home/sandbox/villain.spc (pid 5285), /home/sandbox/villain.x86 (pids 5300 and 5306; delete-file, net) and /usr/bin/rm (pid 5311; delete-file)
    /home/sandbox/villain.x86 (pids 5300, 5306) connects to 8.8.8.8:53; its cloned children (pids 5301, 5307; dns, net, send-data, zombie) send 32 bytes to 8.8.8.8:53 and 10 bytes to idk.daga.house:2323, then clone further /home/sandbox/villain.x86 processes (pids 5303, 5304, 5310, 5312)
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-11 08:22:18 UTC
File Type: Text (Shell)
AV detection: 10 of 38 (26.32%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
    Modifies registry class
    Suspicious use of SetWindowsHookEx
    Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Mirai
File type: sh
SHA256 hash: e23896b25a5a42da4b13a6947feab1ddde3c717286ed71fdbccc3c97b54aa800 (this sample)

Delivery method: Distributed via web download

Comments