MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5ddbd3f2d9f1f863691cbd60c082a445fe35d3c44fafda6ed3fd292ea3f9f5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5ddbd3f2d9f1f863691cbd60c082a445fe35d3c44fafda6ed3fd292ea3f9f5d
SHA3-384 hash: 79cf6d2f2c7f964bf56a082435e98bc5caf17ecfabec77496500cd5f48558916550bd77df3153cd880d83e8b8fff37be
SHA1 hash: 44901b351faf62b9e3b37aa5ba2310e5dab98784
MD5 hash: 52c1de08e82af436934826817d02966e
humanhash: monkey-spaghetti-east-maryland
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'160 bytes
First seen:2025-07-02 05:24:12 UTC
Last seen:2025-07-03 05:53:41 UTC
File type: sh
MIME type:text/plain
ssdeep 12:0pbnD6x+VpbnDucArE+VpbnDoNI+3BEA+VpbnDxTKRiH+VpbnDGNZIq+VpbnDpQk:OjI4NI6sNKBWN+L58Ou6uRFY3CSxn
TLSH T161212FFF0311502BC01DDFD230694610824A8287B86C4BB96BDE4EB76E84EC5FC49E5B
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.87.245/00101010101001/morte.arm0e1c862fb7b3927bbf3f71b5c83949151be2dfedd584eb482c173ce2e851dd3f Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm5a67885abc3a05d82c9083e3df77c227e91f38aa242bc9988caf35b3a447ca596 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm661dfc5c73839259cb55254701e29c43307b89acaecf4c14b51be5d209ce80d5b Miraimirai opendir
http://196.251.87.245/00101010101001/morte.arm795d5407a92ac4b36ed3d0f10b3fb494fed6ae21491b9f5fce152b85b78fb2e12 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.m68k7c5e6035418ce9f52bdb00eaff5e23d3d7a41f7a75554249c6cf6e44ce34ae3f Miraimirai opendir
http://196.251.87.245/00101010101001/morte.mipsa81cd95a99e545fa8df1f913d95d4609dcae0c7933e1b5012a728b9ea9f4e46c Miraimirai opendir
http://196.251.87.245/00101010101001/morte.mpslf4d2edf5cb22fd836842fb0c277395557f3a1329cc90c280cc12839c3e6fd72c Miraimirai opendir
http://196.251.87.245/00101010101001/morte.ppc437732d5bde3a06c54a001342f0ad3735088bc10d3aaeb69d038520c3a00a9db Miraimirai opendir
http://196.251.87.245/00101010101001/morte.sh4e0fadfca7d4f0704722720c739c817d05fa639fdbb6edbd961d0083f73342c80 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.spcb98844c282ecfff203dabee396106d9726de54c4821bd35208239f7621d774b9 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.x864fef063a9f02ba436aa8231ae6e68833cc7007d4acd4c911b0742fc6edb7f3e0 Miraimirai opendir
http://196.251.87.245/00101010101001/morte.x86_645f40e73a84e77e83a454da3ee487429836e3bdec4ceffc19d0d26c4901a911dd Miraimirai opendir

Intelligence

File Origin
# of uploads :
2
# of downloads :
12
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6864c285900df8e7f8654f64linux22vpnfull_triage
Tags:
downloader phishing trojan agent
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/00b2aa9b-1ec9-4889-9770-ade81219b20d
Behavior Graph:
Download SVG
%3 guuid=df8918d3-1600-0000-96a5-3740ef0d0000 pid=3567 /usr/bin/sudo guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574 /tmp/sample.bin guuid=df8918d3-1600-0000-96a5-3740ef0d0000 pid=3567->guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574 execve guuid=e3e77cd5-1600-0000-96a5-3740f70d0000 pid=3575 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=e3e77cd5-1600-0000-96a5-3740f70d0000 pid=3575 execve guuid=37f1ead8-1600-0000-96a5-3740030e0000 pid=3587 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=37f1ead8-1600-0000-96a5-3740030e0000 pid=3587 execve guuid=b97a2bd9-1600-0000-96a5-3740050e0000 pid=3589 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=b97a2bd9-1600-0000-96a5-3740050e0000 pid=3589 clone guuid=aab087da-1600-0000-96a5-37400b0e0000 pid=3595 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=aab087da-1600-0000-96a5-37400b0e0000 pid=3595 execve guuid=034926dd-1600-0000-96a5-3740140e0000 pid=3604 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=034926dd-1600-0000-96a5-3740140e0000 pid=3604 execve guuid=9bc07bdd-1600-0000-96a5-3740150e0000 pid=3605 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=9bc07bdd-1600-0000-96a5-3740150e0000 pid=3605 clone guuid=a89b1ade-1600-0000-96a5-3740180e0000 pid=3608 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=a89b1ade-1600-0000-96a5-3740180e0000 pid=3608 execve guuid=4133e3e0-1600-0000-96a5-3740220e0000 pid=3618 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=4133e3e0-1600-0000-96a5-3740220e0000 pid=3618 execve guuid=c1b125e1-1600-0000-96a5-3740240e0000 pid=3620 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=c1b125e1-1600-0000-96a5-3740240e0000 pid=3620 clone guuid=8f4cb7e1-1600-0000-96a5-3740290e0000 pid=3625 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=8f4cb7e1-1600-0000-96a5-3740290e0000 pid=3625 execve guuid=c028d3e4-1600-0000-96a5-3740370e0000 pid=3639 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=c028d3e4-1600-0000-96a5-3740370e0000 pid=3639 execve guuid=903a00e5-1600-0000-96a5-3740390e0000 pid=3641 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=903a00e5-1600-0000-96a5-3740390e0000 pid=3641 clone guuid=874e70e5-1600-0000-96a5-37403c0e0000 pid=3644 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=874e70e5-1600-0000-96a5-37403c0e0000 pid=3644 execve guuid=ec1ca7e8-1600-0000-96a5-3740420e0000 pid=3650 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=ec1ca7e8-1600-0000-96a5-3740420e0000 pid=3650 execve guuid=cfa408e9-1600-0000-96a5-3740460e0000 pid=3654 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=cfa408e9-1600-0000-96a5-3740460e0000 pid=3654 clone guuid=fa529ae9-1600-0000-96a5-3740480e0000 pid=3656 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=fa529ae9-1600-0000-96a5-3740480e0000 pid=3656 execve guuid=c2fd2dec-1600-0000-96a5-3740530e0000 pid=3667 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=c2fd2dec-1600-0000-96a5-3740530e0000 pid=3667 execve guuid=de1477ec-1600-0000-96a5-3740540e0000 pid=3668 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=de1477ec-1600-0000-96a5-3740540e0000 pid=3668 clone guuid=60ec0ced-1600-0000-96a5-3740570e0000 pid=3671 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=60ec0ced-1600-0000-96a5-3740570e0000 pid=3671 execve guuid=12f7c9ef-1600-0000-96a5-3740610e0000 pid=3681 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=12f7c9ef-1600-0000-96a5-3740610e0000 pid=3681 execve guuid=4725fcef-1600-0000-96a5-3740620e0000 pid=3682 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=4725fcef-1600-0000-96a5-3740620e0000 pid=3682 clone guuid=d4eb4af1-1600-0000-96a5-3740670e0000 pid=3687 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=d4eb4af1-1600-0000-96a5-3740670e0000 pid=3687 execve guuid=a1c61cf4-1600-0000-96a5-3740680e0000 pid=3688 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=a1c61cf4-1600-0000-96a5-3740680e0000 pid=3688 execve guuid=61a268f4-1600-0000-96a5-3740690e0000 pid=3689 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=61a268f4-1600-0000-96a5-3740690e0000 pid=3689 clone guuid=0a7374f4-1600-0000-96a5-37406a0e0000 pid=3690 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=0a7374f4-1600-0000-96a5-37406a0e0000 pid=3690 execve guuid=f3e006f8-1600-0000-96a5-37406b0e0000 pid=3691 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=f3e006f8-1600-0000-96a5-37406b0e0000 pid=3691 execve guuid=ddbf4af8-1600-0000-96a5-37406c0e0000 pid=3692 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=ddbf4af8-1600-0000-96a5-37406c0e0000 pid=3692 clone guuid=e1d7ddf8-1600-0000-96a5-37406e0e0000 pid=3694 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=e1d7ddf8-1600-0000-96a5-37406e0e0000 pid=3694 execve guuid=a8ea48fc-1600-0000-96a5-3740750e0000 pid=3701 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=a8ea48fc-1600-0000-96a5-3740750e0000 pid=3701 execve guuid=2abb81fc-1600-0000-96a5-3740770e0000 pid=3703 /usr/bin/dash guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=2abb81fc-1600-0000-96a5-3740770e0000 pid=3703 clone guuid=f213f6fc-1600-0000-96a5-37407b0e0000 pid=3707 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=f213f6fc-1600-0000-96a5-37407b0e0000 pid=3707 execve guuid=50081003-1700-0000-96a5-3740860e0000 pid=3718 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=50081003-1700-0000-96a5-3740860e0000 pid=3718 execve guuid=b3da5c03-1700-0000-96a5-3740870e0000 pid=3719 /home/sandbox/morte.x86 net guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=b3da5c03-1700-0000-96a5-3740870e0000 pid=3719 execve guuid=43c2fc03-1700-0000-96a5-37408d0e0000 pid=3725 /usr/bin/wget net send-data write-file guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=43c2fc03-1700-0000-96a5-37408d0e0000 pid=3725 execve guuid=3b41ca09-1700-0000-96a5-3740a20e0000 pid=3746 /usr/bin/chmod guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=3b41ca09-1700-0000-96a5-3740a20e0000 pid=3746 execve guuid=314b2d0a-1700-0000-96a5-3740a30e0000 pid=3747 /home/sandbox/morte.x86_64 mprotect-exec net guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=314b2d0a-1700-0000-96a5-3740a30e0000 pid=3747 execve guuid=3834f80c-1700-0000-96a5-3740b20e0000 pid=3762 /usr/bin/rm guuid=6f0842d5-1600-0000-96a5-3740f60d0000 pid=3574->guuid=3834f80c-1700-0000-96a5-3740b20e0000 pid=3762 execve d047be9e-0261-5db6-bcf1-f98b662bc156 196.251.87.245:80 guuid=e3e77cd5-1600-0000-96a5-3740f70d0000 pid=3575->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 153B guuid=aab087da-1600-0000-96a5-37400b0e0000 pid=3595->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 154B guuid=a89b1ade-1600-0000-96a5-3740180e0000 pid=3608->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 154B guuid=8f4cb7e1-1600-0000-96a5-3740290e0000 pid=3625->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 154B guuid=874e70e5-1600-0000-96a5-37403c0e0000 pid=3644->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 154B guuid=fa529ae9-1600-0000-96a5-3740480e0000 pid=3656->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 154B guuid=60ec0ced-1600-0000-96a5-3740570e0000 pid=3671->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 154B guuid=d4eb4af1-1600-0000-96a5-3740670e0000 pid=3687->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 153B guuid=0a7374f4-1600-0000-96a5-37406a0e0000 pid=3690->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 153B guuid=e1d7ddf8-1600-0000-96a5-37406e0e0000 pid=3694->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 153B guuid=f213f6fc-1600-0000-96a5-37407b0e0000 pid=3707->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 153B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=b3da5c03-1700-0000-96a5-3740870e0000 pid=3719->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=eb33f303-1700-0000-96a5-37408a0e0000 pid=3722 /home/sandbox/morte.x86 guuid=b3da5c03-1700-0000-96a5-3740870e0000 pid=3719->guuid=eb33f303-1700-0000-96a5-37408a0e0000 pid=3722 clone guuid=8c6df703-1700-0000-96a5-37408b0e0000 pid=3723 /home/sandbox/morte.x86 delete-file dns net send-data zombie guuid=b3da5c03-1700-0000-96a5-3740870e0000 pid=3719->guuid=8c6df703-1700-0000-96a5-37408b0e0000 pid=3723 clone guuid=8c6df703-1700-0000-96a5-37408b0e0000 pid=3723->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 37B f2314dec-3f4f-5fb5-9b72-f7ca6bdedfc6 vip.jbvipnetwork.cc:12121 guuid=8c6df703-1700-0000-96a5-37408b0e0000 pid=3723->f2314dec-3f4f-5fb5-9b72-f7ca6bdedfc6 con guuid=d6041a04-1700-0000-96a5-37408e0e0000 pid=3726 /home/sandbox/morte.x86 guuid=8c6df703-1700-0000-96a5-37408b0e0000 pid=3723->guuid=d6041a04-1700-0000-96a5-37408e0e0000 pid=3726 clone guuid=43c2fc03-1700-0000-96a5-37408d0e0000 pid=3725->d047be9e-0261-5db6-bcf1-f98b662bc156 send: 156B guuid=314b2d0a-1700-0000-96a5-3740a30e0000 pid=3747->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con f77ebf5e-2af7-5b09-86f4-388588a8b445 0.0.0.0:12121 guuid=314b2d0a-1700-0000-96a5-3740a30e0000 pid=3747->f77ebf5e-2af7-5b09-86f4-388588a8b445 con
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/e5ddbd3f2d9f1f863691cbd60c082a445fe35d3c44fafda6ed3fd292ea3f9f5d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e5ddbd3f2d9f1f863691cbd60c082a445fe35d3c44fafda6ed3fd292ea3f9f5d/
Verdict:
Malicious
Threat:
Script-Shell.Downloader.Heuristic
Link:
https://tip.neiki.dev/file/e5ddbd3f2d9f1f863691cbd60c082a445fe35d3c44fafda6ed3fd292ea3f9f5d
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-07-02 05:24:19 UTC
File Type:
Text (Shell)
AV detection:
14 of 38 (36.84%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4xo32pznt4pymnurzplaycbkirp6gxj4it5p3jxnh7jjf2r7t5oq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250702-f4hreasqy7/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e5ddbd3f2d9f1f863691cbd60c082a445fe35d3c44fafda6ed3fd292ea3f9f5d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e5ddbd3f2d9f1f863691cbd60c082a445fe35d3c44fafda6ed3fd292ea3f9f5d

(this sample)

Mirai

elf 7819f29ddb9555bd58cbc40c139d1e2432b078d9ca147cf753e785d42287fefb

Mirai

elf e283b3319bdd755a22c892ae2ab04fa5fa44c5fe5bf3d37c7a3ebd52e7533aa9

  
URLhaus
https://urlhaus.abuse.ch/url/3572926/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3571666/
  
Dropping
MD5 c20f573973a8a629057b42d64868a53b
  
Dropping
SHA256 e283b3319bdd755a22c892ae2ab04fa5fa44c5fe5bf3d37c7a3ebd52e7533aa9
  
URLhaus
https://urlhaus.abuse.ch/url/3573018/
  
URLhaus
https://urlhaus.abuse.ch/url/3571680/
  
URLhaus
https://urlhaus.abuse.ch/url/3572987/
  
URLhaus
https://urlhaus.abuse.ch/url/3571569/
  
URLhaus
https://urlhaus.abuse.ch/url/3571669/

Comments