MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd
SHA3-384 hash: 5d70fa6bd62fe201457ce2f571cf8d07677ceecb88bd6951641d687f826be62496ae57986b9ecf7c2620dd4b00ea63f2
SHA1 hash: 52435df26df43c37b32cb4d9c70a2f9158be95a9
MD5 hash: 2895483c88619024debc577264c30f60
humanhash: massachusetts-cold-edward-undress
File name:goahead.sh
Download: download sample
File size:326 bytes
First seen:2026-02-13 08:38:59 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 3:QnQNFn8Na2ZQII5eEdcgbSoOjVxi8LUTidaSSE8qa4aYeeHnQNFn8Na2ZQIIQ1dd:lswzI9Edcg2EOt4swzIddcg2xW
TLSH T1BDE04FE504548EA0BCC069CF34A58A133423D25E18C56F96EFDC25F6449CC04B852B07
Magika batch
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://139.177.197.168/mpsl73d23e3291eca6018be1e0c85b13aa48e9cd9e36cebcc642cfed72e6fdd8a17f Miraielf mirai
http://139.177.197.168/mips4e589892f95fe0035dbda7f3c189adee300dd94ee2de6bff873822f450080696 Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
27
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.BV.Downloader-AEH.61648931.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
File Type:
text
First seen:
2026-02-13T06:05:00Z UTC
Last seen:
2026-02-13T14:26:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/045dee22-d55f-4a31-bac4-4d659a15562f
Behavior Graph:
Download SVG
%3 guuid=a79c377e-1800-0000-abf5-ac0e3e0d0000 pid=3390 /usr/bin/sudo guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398 /tmp/sample.bin guuid=a79c377e-1800-0000-abf5-ac0e3e0d0000 pid=3390->guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398 execve guuid=c2b5bd80-1800-0000-abf5-ac0e470d0000 pid=3399 /usr/bin/rm guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=c2b5bd80-1800-0000-abf5-ac0e470d0000 pid=3399 execve guuid=65175e81-1800-0000-abf5-ac0e490d0000 pid=3401 /usr/bin/wget net guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=65175e81-1800-0000-abf5-ac0e490d0000 pid=3401 execve guuid=47f3ad8a-1800-0000-abf5-ac0e5f0d0000 pid=3423 /usr/bin/chmod guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=47f3ad8a-1800-0000-abf5-ac0e5f0d0000 pid=3423 execve guuid=1fcf938b-1800-0000-abf5-ac0e610d0000 pid=3425 /usr/bin/dash guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=1fcf938b-1800-0000-abf5-ac0e610d0000 pid=3425 clone guuid=8e13a78b-1800-0000-abf5-ac0e620d0000 pid=3426 /usr/bin/rm guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=8e13a78b-1800-0000-abf5-ac0e620d0000 pid=3426 execve guuid=b02d3a8c-1800-0000-abf5-ac0e640d0000 pid=3428 /usr/bin/wget net guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=b02d3a8c-1800-0000-abf5-ac0e640d0000 pid=3428 execve guuid=da4ecf93-1800-0000-abf5-ac0e730d0000 pid=3443 /usr/bin/chmod guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=da4ecf93-1800-0000-abf5-ac0e730d0000 pid=3443 execve guuid=5d5b5094-1800-0000-abf5-ac0e750d0000 pid=3445 /usr/bin/dash guuid=10617880-1800-0000-abf5-ac0e460d0000 pid=3398->guuid=5d5b5094-1800-0000-abf5-ac0e750d0000 pid=3445 clone 64ebb26b-1512-5fe2-84d5-70106fbc0554 139.177.197.168:80 guuid=65175e81-1800-0000-abf5-ac0e490d0000 pid=3401->64ebb26b-1512-5fe2-84d5-70106fbc0554 con guuid=b02d3a8c-1800-0000-abf5-ac0e640d0000 pid=3428->64ebb26b-1512-5fe2-84d5-70106fbc0554 con
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd
Threat name:
Script-Shell.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-02-13 09:14:45 UTC
AV detection:
6 of 24 (25.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cslwittilfxhbdcyo2cektszlwvyidjxlwiudiuaqyvp4k3ayk6q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260213-kkemvsg12h/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 1497644e68596e708c587684454e595dab840d375d9141a280862afe2b60c2bd

(this sample)

Mirai

elf 73d23e3291eca6018be1e0c85b13aa48e9cd9e36cebcc642cfed72e6fdd8a17f

  
URLhaus
https://urlhaus.abuse.ch/url/3776901/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3776903/
  
URLhaus
https://urlhaus.abuse.ch/url/3776916/
  
Dropping
MD5 2afb82587a0fe4b043e775a45cb94736
  
Dropping
SHA256 73d23e3291eca6018be1e0c85b13aa48e9cd9e36cebcc642cfed72e6fdd8a17f

Comments