MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd158c0e2d537cf8f335e33f6c2e150f3aca5fed362bb273326a504cec8ee4d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: fd158c0e2d537cf8f335e33f6c2e150f3aca5fed362bb273326a504cec8ee4d6
SHA3-384 hash: d79ceff4250e1266b71740007513261bc3221b9df7ded73f6089870ccd3538dfb1c182ee218d4431844ae2b3a0cfbd4c
SHA1 hash: a196571130452296bf5e8e5cdb87c6114726d8e8
MD5 hash: cb14e9bf9f9efcc1e92689a87298f6ec
humanhash: mockingbird-fanta-north-berlin
File name: w.sh
Signature: Mirai
File size: 814 bytes
First seen: 2025-11-15 21:15:46 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:HbTXb1NI7pb9KQbdGbBvbjUbgMbRtXbMbTubS:3MXJET
TLSH T1B201ADED29D113790564CF586066C4D870058EC534611F5DA8CE2FF2A9D9F19FF12E6C
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-15T19:30:00Z UTC
Last seen: 2025-11-16T01:36:00Z UTC
Hits: ~10
Status: terminated
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2025-11-15 21:16:25 UTC
File Type: Text (Shell)
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh fd158c0e2d537cf8f335e33f6c2e150f3aca5fed362bb273326a504cec8ee4d6

(this sample)

  
Delivery method
Distributed via web download
