MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb4fa7c04eb1ecd2fbca24903ce9b6fd9730ff9c4c7655a43df2dabe59288cbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: eb4fa7c04eb1ecd2fbca24903ce9b6fd9730ff9c4c7655a43df2dabe59288cbb
SHA3-384 hash: b68626e30a7957378eea745867b519581f03c5c636b8d051d058d234c031fe8111b20d8eea4c5d3eb51dd8853bb09c93
SHA1 hash: 1afb3555fb23603431512b70eced5054134f566a
MD5 hash: 3c493e381d5c99a01aa4ac6b4fb9a76b
humanhash: alanine-bulldog-avocado-victor
File name: wget.sh
Signature: Mirai
File size: 810 bytes
First seen: 2025-10-13 05:21:46 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:j10Rhg10oYk10ZNIl5P10C0LK/10E+OFj10pjML10jTtjw10sSOZp10NtC10SL1q:bYdNI7gKx+IujFT58lqtIwHn
TLSH: T1F00125FE763172668E088F24606544869076E2D032514FFADCC618B2F8E96033A35EBD
Magika: asm
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive exploit mirai

Verdict: Malicious
File Type: text
First seen: 2025-10-12T12:33:00Z UTC
Last seen: 2025-10-13T03:24:00Z UTC
Hits: ~10
Status: terminated

Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-10-12 12:48:28 UTC
File Type: Text (Shell)
AV detection: 16 of 36 (44.44%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh eb4fa7c04eb1ecd2fbca24903ce9b6fd9730ff9c4c7655a43df2dabe59288cbb

(this sample)

  
Delivery method
Distributed via web download
