MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e529ea8e86a7982bbae2374846bb5a67b936665349434131655f3b435a4a990b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: e529ea8e86a7982bbae2374846bb5a67b936665349434131655f3b435a4a990b
SHA3-384 hash: bca23f8c4a89ab6d9947642675fbea0fe24518676c7b161c40af8092d3715d3e93e5378f6aec087047a22b65b4bf29cc
SHA1 hash: 4d48294e73e3351519bb02e7c9957d20eeb894c5
MD5 hash: 2f317e9245db7871e85474c0d1afffaf
humanhash: edward-uniform-saturn-saturn
File name: wget.sh
Signature: Mirai
File size: 798 bytes
First seen: 2025-08-19 18:04:06 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:5ogYUxNI7lBKV8+I5xjiLT5wklRFtu6RHUjn:5ogYUslB2ZI5xOf5wya6R0j
TLSH: T193010CDE773671665B04CF34726644889136B3C033B02B6ABCD61CB3C8D9A00B22EE6D
Magika: txt
Reporter: abuse_ch
Tags: mirai, sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-19 18:05:53 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e529ea8e86a7982bbae2374846bb5a67b936665349434131655f3b435a4a990b

(this sample)

  
Delivery method: Distributed via web download
