MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3609cd09766b3089b2d278927232dc8c67d66f40901c6ff14bd921225afba737. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	3609cd09766b3089b2d278927232dc8c67d66f40901c6ff14bd921225afba737
SHA3-384 hash:	e3003b97475cd2105ff3c8b8a6a76ab8f46ca0c0c179a890e6f17d513dac416a444c254ff3ccc96851f1606b6b8b3263
SHA1 hash:	fd67d39c3966590c807dca8079f44854cb789521
MD5 hash:	2b51083331493eb7486930ef2f0d975d
humanhash:	hotel-nevada-mirror-nuts
File name:	tp
Download:	download sample
File size:	461 bytes
First seen:	2025-05-20 15:49:27 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:mtA83OtA86M8B4VtA8z6NYqXtAKNIh54ToGjtA3KLKhtXtoe5T:mK83OK88B8K8z6yqKKNIf4T/KgKhtXS2
TLSH	T1E7F08CF9627B42EB85855E1AF1568C04A0BAD7EE60B7CFED7C6FB11E21685207412E00
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://213.209.143.44/arm5	829188885aebea92bb695e713ffb1b1dd889bb7f59d4774cfd61f0b3be2eb98f	Mirai	elf mirai
http://213.209.143.44/arm6	32ee9608c05bd0b9e569a4be873e4c82bcb1ad7c63e408c2c43cd3e9859bf4f4	Mirai	elf mirai
http://213.209.143.44/arm7	d272c1dc14542558532ea0b5f242882a062f2f0fe15f1ad51390507972f6f462	Mirai	elf mirai
http://213.209.143.44/x86	5b28f780409f28c7947f3984accd20a33bcf043af7a4918082ffa10fbb05b1dd	Mirai	elf mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=682cbda7c28c67d6664265a3linux22vpnfull_triage

Tags:

backdoor agent overt

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Mirai

Link:

https://www.hybrid-analysis.com/sample/3609cd09766b3089b2d278927232dc8c67d66f40901c6ff14bd921225afba737

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/3609cd09766b3089b2d278927232dc8c67d66f40901c6ff14bd921225afba737

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3609cd09766b3089b2d278927232dc8c67d66f40901c6ff14bd921225afba737/

Threat name:

Linux.Downloader.SAgnt

Status:

Malicious

First seen:

2025-05-20 16:48:56 UTC

File Type:

Text (Shell)

AV detection:

11 of 37 (29.73%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gye42clwnmyitmwspcjhemw4rrt5m32asaog74kl3eqsewx3u43q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250520-v6jh2s1qs2/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3609cd09766b3089b2d278927232dc8c67d66f40901c6ff14bd921225afba737

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 3609cd09766b3089b2d278927232dc8c67d66f40901c6ff14bd921225afba737

(this sample)

Mirai

elf fb574f83574d6aa9e39583b4ace7d4bc14bbfbbf7c6c19c8c6a941ec7ed84249

URLhaus

https://urlhaus.abuse.ch/url/3548237/

Delivery method

Distributed via web download

Dropping

MD5 a4f8fc707b89242a7170cb1918387b1b

Dropping

SHA256 fb574f83574d6aa9e39583b4ace7d4bc14bbfbbf7c6c19c8c6a941ec7ed84249

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample