MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2cd1c6186b5ca4165177f2e9a88319926ce8cd644c5738b1760aecc7d716a560. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 2cd1c6186b5ca4165177f2e9a88319926ce8cd644c5738b1760aecc7d716a560
SHA3-384 hash: a48c671ebfc313de435ceaa3a91add38f99b2d970628c02846f94b51ff581243fb2ef5d642f5af5f7dcec519e8513cf3
SHA1 hash: 0497df2a7409aacd4c99a7b3002f90a9b3a0417b
MD5 hash: 1ef0f2c018b4317ddef137f8b38aec79
humanhash: oranges-nitrogen-salami-georgia
File name: curl.sh
File size: 509 bytes
First seen: 2025-05-02 14:32:06 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:p3MsM43Mr3A8z7Ai3AKNIh5akJL3A3KLKni3oe2:jJ8z7AVKNIfakKgKJl
TLSH T192F0E9F6612A0363C101BE16F37B82D4B07757E71152CD75B07A702EE52C478B5A2A10
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: mirai virus hype sage

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Threat name: Script.Downloader.Heuristic
Status: Malicious
First seen: 2025-05-02 14:15:23 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 2cd1c6186b5ca4165177f2e9a88319926ce8cd644c5738b1760aecc7d716a560

(this sample)

Delivery method: Distributed via web download
