MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24a204f0443399de0d7656d47765d269891031d5f30ec909266290fa3410d162. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4



SHA256 hash: 24a204f0443399de0d7656d47765d269891031d5f30ec909266290fa3410d162
SHA3-384 hash: ca5690ccb15c85e8156e04cdd5d868357275b97dcc291705c38655a3d3ea2486964421f2532ec04cbed4fd2cb6c0da69
SHA1 hash: a5b3e0486ebccc1083797d4ef11b2d513c3ebc37
MD5 hash: 41204aa5964a8fad2426987e85106674
humanhash: fanta-friend-equal-river
File name: wget.sh
File size: 780 bytes
First seen: 2025-11-22 11:59:51 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3VjKw3Vdo9oPVnkFUA1VUkQUW1HTCU61CQpzdsPQtEOXIWu:gj2kz4kQRTCfqQrXru
TLSH: T13601A5CE6B577BB10869ED297A628C5D4050538C1E3E17E87C8C09BC4891E927168E1D
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai
Result
Status: terminated
Behavior Graph (process tree and network edges recovered from the graph rendering; sandbox-internal node ids omitted):

  pid 3665 /usr/bin/sudo
    --execve--> pid 3671 /tmp/sample.bin
      The sample repeats the following four-process cycle eight times:
        --execve--> /usr/bin/busybox  [net, send-data, write-file]  pids 3672, 3683, 3702, 3732, 3775, 3809, 3844, 3860
        --execve--> /usr/bin/chmod                                   pids 3673, 3694, 3723, 3766, 3795, 3831, 3850, 3873
        --clone---> /usr/bin/dash                                    pids 3674, 3696, 3727, 3768, 3798, 3834, 3852, 3874
        --execve--> /usr/bin/rm       [delete-file]                  pids 3679, 3700, 3730, 3773, 3806, 3838, 3858, 3880
      --execve--> pid 3882 /usr/bin/rm (final cleanup)

  Network: every busybox child connects to 31.172.87.151:80
    pids 3672, 3683, 3844, 3860 send 79 B each
    pids 3702, 3732, 3775, 3809 send 80 B each
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-11-22 11:53:59 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  sh 24a204f0443399de0d7656d47765d269891031d5f30ec909266290fa3410d162 (this sample)

Delivery method: Distributed via web download
