MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef513d301a0c34011b9fc83afe3b5d29f8aa808527aff342fe1f57694b7a28af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef513d301a0c34011b9fc83afe3b5d29f8aa808527aff342fe1f57694b7a28af
SHA3-384 hash: f80e82ad958f68ffae76316809e7f42211e8db589b691a1b00aeb36834de9413b3e77daf8c6947224068f08a1f53c11b
SHA1 hash: b484276345d5e2bc795c4ee26f5c56af942f3506
MD5 hash: 0cb8eca69771e9bd44540ff898eafd6e
humanhash: mockingbird-sink-jupiter-jersey
File name:wget.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'029 bytes
First seen:2025-07-15 05:59:55 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:QU/UMUaNI6GUTKHU8N+BUDWUEwU4UUXUNU63kU8xn:BcViDTz8N+inEhZUEG6N8x
TLSH T10A11C1FF5390B51B002D8FCB356A0605974783D7B86E1F7D66C588AB69C5A04F068F4B
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://194.26.192.12/bins/morte.arm1e084f768e6f712bd7a6550bfd1d6651475110be15afdaf20ea165035e41825b Miraimirai opendir
http://194.26.192.12/bins/morte.arm5bb58685e750ea7ea86ef5e8e0272309259225751e891a8180edeb43f00e12237 Miraimirai opendir
http://194.26.192.12/bins/morte.arm6fc5cd925ce297000ca57784ead53c74be59b7f1947fe30fc596b8288b58e34ac Miraimirai opendir
http://194.26.192.12/bins/morte.arm7f668ad9e7208fb93503504745e844534c2f1cd03bb8be6580ceb107b2f3e5c1f Miraimirai opendir
http://194.26.192.12/bins/morte.m68kb34ab7b3235520d509129dbf8ce61fa4aaf07c689caf1086678d209c2bdfb15f Miraimirai opendir
http://194.26.192.12/bins/morte.mipsdb7c3f4a4d9955f60e2428d33081b7516d2b05a554549ef7435ad5f0da26aebc Miraimirai opendir
http://194.26.192.12/bins/morte.mpsl6a381680badfe72a680a7ebbac5a87b69b92bef8cf495dea18c08768ae4a8104 Miraimirai opendir
http://194.26.192.12/bins/morte.ppc4c2307922752b1dda4168efb06f7f577df1e1a6b559b16e290533fa875bbfb67 Miraimirai opendir
http://194.26.192.12/bins/morte.sh4aeaca0a823b1c1ba1fef65021e4435d355d8da6763b976bfecfe002a17023b80 Miraimirai opendir
http://194.26.192.12/bins/morte.spc600fc077b364f1e19774afc961c350ca78168a7c89985b8d649d18a784bb54ca Miraimirai opendir
http://194.26.192.12/bins/morte.x866b89288f82c10313cc04d6801994f61ae0f454a8e49ae902416549475d22563e Miraimirai opendir
http://194.26.192.12/bins/morte.x86_640f3d5843dbea20320950015e6b16d397ead64d3a0cc0c0c9d236ab0c329e5c3c Miraimirai opendir

Intelligence

File Origin
# of uploads :
1
# of downloads :
30
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6875ee8a19132d9848800657/reports/11fad788-379f-47b4-af79-d6682b480684/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/e06f1f52-c6d0-4f48-925c-ae2799c2ff21
Behavior Graph:
Download SVG
%3 guuid=efff2e69-1a00-0000-6456-303f62090000 pid=2402 /usr/bin/sudo guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405 /tmp/sample.bin guuid=efff2e69-1a00-0000-6456-303f62090000 pid=2402->guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405 execve guuid=f628ed6b-1a00-0000-6456-303f66090000 pid=2406 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=f628ed6b-1a00-0000-6456-303f66090000 pid=2406 execve guuid=e9b66978-1a00-0000-6456-303f78090000 pid=2424 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=e9b66978-1a00-0000-6456-303f78090000 pid=2424 execve guuid=99c5af78-1a00-0000-6456-303f79090000 pid=2425 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=99c5af78-1a00-0000-6456-303f79090000 pid=2425 clone guuid=4a5a4579-1a00-0000-6456-303f7d090000 pid=2429 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=4a5a4579-1a00-0000-6456-303f7d090000 pid=2429 execve guuid=092b2c7e-1a00-0000-6456-303f89090000 pid=2441 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=092b2c7e-1a00-0000-6456-303f89090000 pid=2441 execve guuid=2613717e-1a00-0000-6456-303f8a090000 pid=2442 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=2613717e-1a00-0000-6456-303f8a090000 pid=2442 clone guuid=6f02217f-1a00-0000-6456-303f8e090000 pid=2446 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=6f02217f-1a00-0000-6456-303f8e090000 pid=2446 execve guuid=3af6db8f-1a00-0000-6456-303fae090000 pid=2478 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=3af6db8f-1a00-0000-6456-303fae090000 pid=2478 execve guuid=98a61990-1a00-0000-6456-303fb0090000 pid=2480 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=98a61990-1a00-0000-6456-303fb0090000 pid=2480 clone guuid=d6cdbb90-1a00-0000-6456-303fb3090000 pid=2483 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=d6cdbb90-1a00-0000-6456-303fb3090000 pid=2483 execve guuid=8cdaa794-1a00-0000-6456-303fbe090000 pid=2494 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=8cdaa794-1a00-0000-6456-303fbe090000 pid=2494 execve guuid=fe527895-1a00-0000-6456-303fc1090000 pid=2497 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=fe527895-1a00-0000-6456-303fc1090000 pid=2497 clone guuid=5b2b2e96-1a00-0000-6456-303fc4090000 pid=2500 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=5b2b2e96-1a00-0000-6456-303fc4090000 pid=2500 execve guuid=719a249b-1a00-0000-6456-303fcd090000 pid=2509 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=719a249b-1a00-0000-6456-303fcd090000 pid=2509 execve guuid=6727669b-1a00-0000-6456-303fcf090000 pid=2511 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=6727669b-1a00-0000-6456-303fcf090000 pid=2511 clone guuid=a494f89b-1a00-0000-6456-303fd3090000 pid=2515 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=a494f89b-1a00-0000-6456-303fd3090000 pid=2515 execve guuid=c800569f-1a00-0000-6456-303fda090000 pid=2522 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=c800569f-1a00-0000-6456-303fda090000 pid=2522 execve guuid=750b959f-1a00-0000-6456-303fdb090000 pid=2523 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=750b959f-1a00-0000-6456-303fdb090000 pid=2523 clone guuid=892e37a0-1a00-0000-6456-303fdd090000 pid=2525 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=892e37a0-1a00-0000-6456-303fdd090000 pid=2525 execve guuid=44b072a3-1a00-0000-6456-303fe3090000 pid=2531 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=44b072a3-1a00-0000-6456-303fe3090000 pid=2531 execve guuid=ad7caea3-1a00-0000-6456-303fe4090000 pid=2532 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=ad7caea3-1a00-0000-6456-303fe4090000 pid=2532 clone guuid=b8a625a4-1a00-0000-6456-303fe8090000 pid=2536 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=b8a625a4-1a00-0000-6456-303fe8090000 pid=2536 execve guuid=82c029a7-1a00-0000-6456-303fee090000 pid=2542 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=82c029a7-1a00-0000-6456-303fee090000 pid=2542 execve guuid=506280a7-1a00-0000-6456-303fef090000 pid=2543 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=506280a7-1a00-0000-6456-303fef090000 pid=2543 clone guuid=ae5c23a8-1a00-0000-6456-303ff2090000 pid=2546 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=ae5c23a8-1a00-0000-6456-303ff2090000 pid=2546 execve guuid=67414ceb-1a00-0000-6456-303fa10a0000 pid=2721 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=67414ceb-1a00-0000-6456-303fa10a0000 pid=2721 execve guuid=4e1cb6eb-1a00-0000-6456-303fa20a0000 pid=2722 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=4e1cb6eb-1a00-0000-6456-303fa20a0000 pid=2722 clone guuid=dcdb0fed-1a00-0000-6456-303fa70a0000 pid=2727 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=dcdb0fed-1a00-0000-6456-303fa70a0000 pid=2727 execve guuid=8e4747f2-1a00-0000-6456-303fb30a0000 pid=2739 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=8e4747f2-1a00-0000-6456-303fb30a0000 pid=2739 execve guuid=ce6f8ff2-1a00-0000-6456-303fb50a0000 pid=2741 /usr/bin/dash guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=ce6f8ff2-1a00-0000-6456-303fb50a0000 pid=2741 clone guuid=6f5472f3-1a00-0000-6456-303fba0a0000 pid=2746 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=6f5472f3-1a00-0000-6456-303fba0a0000 pid=2746 execve guuid=843391f6-1a00-0000-6456-303fc40a0000 pid=2756 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=843391f6-1a00-0000-6456-303fc40a0000 pid=2756 execve guuid=c726ddf6-1a00-0000-6456-303fc60a0000 pid=2758 /home/sandbox/morte.x86 net guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=c726ddf6-1a00-0000-6456-303fc60a0000 pid=2758 execve guuid=3eae33f7-1a00-0000-6456-303fc80a0000 pid=2760 /usr/bin/wget net send-data write-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=3eae33f7-1a00-0000-6456-303fc80a0000 pid=2760 execve guuid=4a4576fb-1a00-0000-6456-303fd50a0000 pid=2773 /usr/bin/chmod guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=4a4576fb-1a00-0000-6456-303fd50a0000 pid=2773 execve guuid=777db6fb-1a00-0000-6456-303fd70a0000 pid=2775 /home/sandbox/morte.x86_64 mprotect-exec net guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=777db6fb-1a00-0000-6456-303fd70a0000 pid=2775 execve guuid=74881ffc-1a00-0000-6456-303fdb0a0000 pid=2779 /usr/bin/rm delete-file guuid=062c626b-1a00-0000-6456-303f65090000 pid=2405->guuid=74881ffc-1a00-0000-6456-303fdb0a0000 pid=2779 execve 5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 194.26.192.12:80 guuid=f628ed6b-1a00-0000-6456-303f66090000 pid=2406->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 142B guuid=4a5a4579-1a00-0000-6456-303f7d090000 pid=2429->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 143B guuid=6f02217f-1a00-0000-6456-303f8e090000 pid=2446->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 143B guuid=d6cdbb90-1a00-0000-6456-303fb3090000 pid=2483->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 143B guuid=5b2b2e96-1a00-0000-6456-303fc4090000 pid=2500->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 143B guuid=a494f89b-1a00-0000-6456-303fd3090000 pid=2515->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 143B guuid=892e37a0-1a00-0000-6456-303fdd090000 pid=2525->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 143B guuid=b8a625a4-1a00-0000-6456-303fe8090000 pid=2536->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 142B guuid=ae5c23a8-1a00-0000-6456-303ff2090000 pid=2546->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 142B guuid=dcdb0fed-1a00-0000-6456-303fa70a0000 pid=2727->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 142B guuid=6f5472f3-1a00-0000-6456-303fba0a0000 pid=2746->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 142B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=c726ddf6-1a00-0000-6456-303fc60a0000 pid=2758->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=3fcf27f7-1a00-0000-6456-303fc70a0000 pid=2759 /home/sandbox/morte.x86 guuid=c726ddf6-1a00-0000-6456-303fc60a0000 pid=2758->guuid=3fcf27f7-1a00-0000-6456-303fc70a0000 pid=2759 clone guuid=7b953ff7-1a00-0000-6456-303fca0a0000 pid=2762 /home/sandbox/morte.x86 write-config zombie guuid=3fcf27f7-1a00-0000-6456-303fc70a0000 pid=2759->guuid=7b953ff7-1a00-0000-6456-303fca0a0000 pid=2762 clone guuid=3eae33f7-1a00-0000-6456-303fc80a0000 pid=2760->5a8f24c0-6fe9-5b53-9a76-b09c5afd7ee9 send: 145B guuid=adce24fd-1a00-0000-6456-303fe10a0000 pid=2785 /usr/bin/dash guuid=7b953ff7-1a00-0000-6456-303fca0a0000 pid=2762->guuid=adce24fd-1a00-0000-6456-303fe10a0000 pid=2785 execve guuid=777db6fb-1a00-0000-6456-303fd70a0000 pid=2775->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=812d1afc-1a00-0000-6456-303fda0a0000 pid=2778 /home/sandbox/morte.x86_64 zombie guuid=777db6fb-1a00-0000-6456-303fd70a0000 pid=2775->guuid=812d1afc-1a00-0000-6456-303fda0a0000 pid=2778 clone guuid=4dec25fc-1a00-0000-6456-303fdc0a0000 pid=2780 /home/sandbox/morte.x86_64 write-config zombie guuid=812d1afc-1a00-0000-6456-303fda0a0000 pid=2778->guuid=4dec25fc-1a00-0000-6456-303fdc0a0000 pid=2780 clone guuid=d54d9ffc-1a00-0000-6456-303fdf0a0000 pid=2783 /usr/bin/dash guuid=4dec25fc-1a00-0000-6456-303fdc0a0000 pid=2780->guuid=d54d9ffc-1a00-0000-6456-303fdf0a0000 pid=2783 execve guuid=a50b70fd-1a00-0000-6456-303fe30a0000 pid=2787 /home/sandbox/morte.x86_64 dns net send-data guuid=4dec25fc-1a00-0000-6456-303fdc0a0000 pid=2780->guuid=a50b70fd-1a00-0000-6456-303fe30a0000 pid=2787 clone guuid=f2fbcbfc-1a00-0000-6456-303fe00a0000 pid=2784 /usr/bin/cp guuid=d54d9ffc-1a00-0000-6456-303fdf0a0000 pid=2783->guuid=f2fbcbfc-1a00-0000-6456-303fe00a0000 pid=2784 execve guuid=1e9869fd-1a00-0000-6456-303fe20a0000 pid=2786 /usr/bin/cp guuid=adce24fd-1a00-0000-6456-303fe10a0000 pid=2785->guuid=1e9869fd-1a00-0000-6456-303fe20a0000 pid=2786 execve guuid=a50b70fd-1a00-0000-6456-303fe30a0000 pid=2787->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 805B 1bbb4005-5fa7-5147-8924-030d465cc44a vipcncnetwork.com:12121 guuid=a50b70fd-1a00-0000-6456-303fe30a0000 pid=2787->1bbb4005-5fa7-5147-8924-030d465cc44a send: 460B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ef513d301a0c34011b9fc83afe3b5d29f8aa808527aff342fe1f57694b7a28af
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ef513d301a0c34011b9fc83afe3b5d29f8aa808527aff342fe1f57694b7a28af/
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-07-15 06:00:42 UTC
File Type:
Text (Shell)
AV detection:
13 of 38 (34.21%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=55it2ma2bq2acg47za5p4o25fh4kvaefe6x7gqx6d5lwss32fcxq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250715-gqkvaayks3/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ef513d301a0c34011b9fc83afe3b5d29f8aa808527aff342fe1f57694b7a28af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ef513d301a0c34011b9fc83afe3b5d29f8aa808527aff342fe1f57694b7a28af

(this sample)

Mirai

elf 0f4dd32bbc70a788e271114b388a8199ad1e13aa02b390a354e555c9ff1c89ae

Mirai

elf 1e084f768e6f712bd7a6550bfd1d6651475110be15afdaf20ea165035e41825b

  
URLhaus
https://urlhaus.abuse.ch/url/3583552/
  
Delivery method
Distributed via web download
  
Dropping
MD5 289172bfab002afd1c028e2069cd4b30
  
Dropping
SHA256 1e084f768e6f712bd7a6550bfd1d6651475110be15afdaf20ea165035e41825b

Comments