MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4139e15a5ea157971a3fbd925a78464699bb0a55cfde375ba7c54fde85b9dedd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 4139e15a5ea157971a3fbd925a78464699bb0a55cfde375ba7c54fde85b9dedd
SHA3-384 hash: 052e152558648a57361b591f75ff49733a743e8c74140fb955a4981b1e6b34e2e06e184855a42f48c2f673deda68be15
SHA1 hash: 4cf8f7861e57ff6e4baf6d01825fce5b20bdeda5
MD5 hash: 0ef4945c2e02da09f7aca4b5fed9ad7c
humanhash: yankee-cola-ack-social
File name: loader.sh
File size: 835 bytes
First seen: 2026-01-21 12:30:52 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:13++BXzjU35sRZ9ZsnDr3NoMfE9g/LYz+wy:13LXzQ35aDZqf3No6Yg/LYzq
TLSH: T1B3014CAB113304732F6485E6D8578AA0F14273833841481FB4BEE795AF0CB94EB207BA
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 41
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: unix shell
First seen: 2026-01-21T09:41:00Z UTC
Last seen: 2026-01-21T12:58:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.a, Trojan-Downloader.Shell.Agent.bi
Status: terminated
Behavior Graph:
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-01-21 11:50:20 UTC
File Type: Text (Shell)
AV detection: 5 of 24 (20.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux persistence
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Modifies rc script
Write file to user bin folder
File and Directory Permissions Modification
Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 4139e15a5ea157971a3fbd925a78464699bb0a55cfde375ba7c54fde85b9dedd (this sample)

Delivery method: Distributed via web download

Comments