MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5cede1fb4211910be5b8868ffa4fb8c2745c6e0ab76b32366603a55aa8c2b30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 4



SHA256 hash: e5cede1fb4211910be5b8868ffa4fb8c2745c6e0ab76b32366603a55aa8c2b30
SHA3-384 hash: 4e2875e83efc64665e6836821c91351d84345c5471741699a6fe5a735b761ddc342ae6f0cfd0023ada85389688ddafcd
SHA1 hash: 222941ca9db9e819ecd6f60e25ad8b1f7c668dc4
MD5 hash: 149b3646a7ceae6a43ae432a85482994
humanhash: lamp-cold-arkansas-glucose
File name: gay.sh
Signature: Mirai
File size: 862 bytes
First seen: 2025-08-08 07:12:26 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:p4j91k8nFNIZ6wW04K1qpHT8a64Zx8rWO5hxyps:CFNI+KM+5ys
TLSH: T10A11909F31B327A6C4085D12315984AC9E04D2D050E9970EF8CDC6F58AF9D9D7914EB7
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Threat name: Document-HTML.Trojan.Vigorf
Status: Malicious
First seen: 2025-08-08 07:15:49 UTC
File Type: Text (Shell)
AV detection: 14 of 23 (60.87%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Signature: Mirai
File: sh e5cede1fb4211910be5b8868ffa4fb8c2745c6e0ab76b32366603a55aa8c2b30 (this sample)
Delivery method: Distributed via web download

Comments