MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edd62c3f566e7e0243cd792670103c43811f117d8d82fcc728550ebebb81393f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: edd62c3f566e7e0243cd792670103c43811f117d8d82fcc728550ebebb81393f
SHA3-384 hash: b11646a8d60350353150d8123fcfd612d681a1532a185deee6da26cd83d341ccb73ee4b2a0852685a486c350aa01a0d3
SHA1 hash: d43942a075b5f980326cbec53189ba83eb5c0241
MD5 hash: f42d5fc3566dde0c688c2faaadd94509
humanhash: juliet-solar-single-washington
File name: wget2.sh
Signature: Mirai
File size: 1'053 bytes
First seen: 2025-10-02 05:37:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:St5t+tEYoYYZEYcZA5t+tEYhXYhBEYu5t+tEYmGNI7Ym+SEYKe5t+tEYagYLKwZc:A3oasWNIQo7vK/ZKOKE14gyuKjulJoUv
TLSH: T14A115BF92015512A1701AF1070EA08396DBBFBE2A03ADEF554BFE42351DB9D03726E35
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: ps1
First seen: 2025-10-02T02:52:00Z UTC
Last seen: 2025-10-02T10:28:00Z UTC
Hits: ~10
Status: terminated

Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-10-02 05:43:25 UTC
File Type: Text
AV detection: 16 of 36 (44.44%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh edd62c3f566e7e0243cd792670103c43811f117d8d82fcc728550ebebb81393f

(this sample)

  
Delivery method: Distributed via web download
