MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16e8da612672b24972cad5449088d13c0a527f7b7a5c74fe922c3c7c591a83ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16e8da612672b24972cad5449088d13c0a527f7b7a5c74fe922c3c7c591a83ea
SHA3-384 hash: 46deb1c323b248868652c106dae5c0c2113a9d3febec0094670c7ab3a12fbc30fba1158d732b998a35d01eb19143f521
SHA1 hash: c43c4c0d7b3bdd74ad48882190b377233306c050
MD5 hash: 2cf231b4168c74dbba438758c70e509e
humanhash: vegan-tennis-virginia-steak
File name:g
Download: download sample
File size:1'025 bytes
First seen:2025-05-01 05:52:15 UTC
Last seen:2025-05-02 03:45:32 UTC
File type: sh
MIME type:text/plain
ssdeep 24:yRk5zOt+MB08xJxDksSxnkxnmksSx3xJksSxSx0ksi6jn:4k5CEA0gzDksOomksOhJksOO0kszj
TLSH T13B11DACF40A8CE7278408EDD75935915A4C6C9D90BCF8FC6E44E01B6A1CCA4DB261E7D
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.26.90.217/vv/armv4la82594f321a14d22c63b44b8b3f4e5dcb725aeda14db201cfe59d6b37cb8093f Miraielf gafgyt mirai ua-wget
http://94.26.90.217/vv/armv5ld64ce359bc97c9643e66057dbd0ea9ed69d5272487e873119dc7a01134f852bc Miraielf gafgyt mirai ua-wget
http://94.26.90.217/vv/armv6l176858d674f19ed1c385ebfd952caea9f6a76f4b44828d6b8f21985476a35df0 Miraielf gafgyt mirai ua-wget
http://94.26.90.217/vv/armv7lae5dbccdfcd0e48e2065b462be5879d1c103e3dc9c553ce8eb319c6385580d78 Miraielf gafgyt mirai ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
65
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68131268c8b2e86d0ac5aa29linux22vpnfull_triage
Tags:
agent hype sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive obfuscated
Link:
https://www.filescan.io/uploads/68130c43218c4a98adea9164/reports/8c68a0d1-9624-4d85-b8d7-07e4ab954ab1/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/16e8da612672b24972cad5449088d13c0a527f7b7a5c74fe922c3c7c591a83ea
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/16e8da612672b24972cad5449088d13c0a527f7b7a5c74fe922c3c7c591a83ea/
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-05-01 05:56:07 UTC
File Type:
Text (Shell)
AV detection:
6 of 24 (25.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c3unuyjgokzes4wk2vcjbcgrhqffe733pjohj7usfq6hywi2qpva._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250501-gm2nmatkt8/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/16e8da612672b24972cad5449088d13c0a527f7b7a5c74fe922c3c7c591a83ea

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 16e8da612672b24972cad5449088d13c0a527f7b7a5c74fe922c3c7c591a83ea

(this sample)

Mirai

elf 35c14500814ac5bc2c71312bb1323f3be34afa878c7f06cefb0bf26f983564db

  
URLhaus
https://urlhaus.abuse.ch/url/3531248/
  
Delivery method
Distributed via web download
  
Dropping
MD5 9aff45bce598a65ad3f904f1bda32707
  
Dropping
SHA256 35c14500814ac5bc2c71312bb1323f3be34afa878c7f06cefb0bf26f983564db

Comments