MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 483549a5736320eefb7790170c604f0cea21dd51270c9cf07d7fabf32eb75e13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 483549a5736320eefb7790170c604f0cea21dd51270c9cf07d7fabf32eb75e13
SHA3-384 hash: 5e717a8dfcd553c5514c605a9480af3be1213fef8e5a9277b11d7f658af203cb51b384c29e9b3fb34cdde9780afdb060
SHA1 hash: 3592a449875e7ffc67a1c9cd0d1259f42139529e
MD5 hash: b9c798f62b515eb796b0c5957a1be4ee
humanhash: freddie-ceiling-ack-missouri
File name:ipc.sh
Download: download sample
File size:402 bytes
First seen:2025-12-21 15:13:28 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 6:zFVmVMFdVlpyLMFdVUeUaYElMFdVQNIl5DFzCMFdV4a0LKijcjLX6:PdrdmeUa+dGNIl5D7dL0LK3vK
TLSH T1C8E065CFB0310AAB050D8E1DF662D88CB052D7D903979BA86EDBC02E48A6A047329D74
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://130.12.180.64/spl/armn/an/aelf ua-wget
http://130.12.180.64/spl/arm5n/an/aelf ua-wget
http://130.12.180.64/spl/arm6n/an/aelf ua-wget
http://130.12.180.64/spl/arm7n/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
30
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/69480eda84afa5547b5b6cf3/reports/f4c7e15c-b196-4f1a-b51e-f61fe63a24bf/overview
Verdict:
Malicious
File Type:
text
First seen:
2025-12-21T12:37:00Z UTC
Last seen:
2025-12-21T15:30:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/483549a5736320eefb7790170c604f0cea21dd51270c9cf07d7fabf32eb75e13/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/1663c39d-2a5d-4151-85da-6ca2eb195687
Behavior Graph:
Download SVG
%3 guuid=a3694ff1-1700-0000-7887-b26b5a040000 pid=1114 /usr/bin/sudo guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120 /tmp/sample.bin guuid=a3694ff1-1700-0000-7887-b26b5a040000 pid=1114->guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120 execve guuid=507d51f3-1700-0000-7887-b26b61040000 pid=1121 /usr/bin/rm guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=507d51f3-1700-0000-7887-b26b61040000 pid=1121 execve guuid=b9c18ef3-1700-0000-7887-b26b63040000 pid=1123 /usr/bin/rm guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=b9c18ef3-1700-0000-7887-b26b63040000 pid=1123 execve guuid=7caac7f3-1700-0000-7887-b26b64040000 pid=1124 /usr/bin/wget net send-data guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=7caac7f3-1700-0000-7887-b26b64040000 pid=1124 execve guuid=3346a0f6-1700-0000-7887-b26b6e040000 pid=1134 /usr/bin/chmod guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=3346a0f6-1700-0000-7887-b26b6e040000 pid=1134 execve guuid=c7eee5f6-1700-0000-7887-b26b70040000 pid=1136 /usr/bin/dash guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=c7eee5f6-1700-0000-7887-b26b70040000 pid=1136 clone guuid=33afeff6-1700-0000-7887-b26b71040000 pid=1137 /usr/bin/rm guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=33afeff6-1700-0000-7887-b26b71040000 pid=1137 execve guuid=f7052af7-1700-0000-7887-b26b72040000 pid=1138 /usr/bin/wget net send-data guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=f7052af7-1700-0000-7887-b26b72040000 pid=1138 execve guuid=53c956f9-1700-0000-7887-b26b79040000 pid=1145 /usr/bin/chmod guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=53c956f9-1700-0000-7887-b26b79040000 pid=1145 execve guuid=cd3496f9-1700-0000-7887-b26b7b040000 pid=1147 /usr/bin/dash guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=cd3496f9-1700-0000-7887-b26b7b040000 pid=1147 clone guuid=ce92a9f9-1700-0000-7887-b26b7c040000 pid=1148 /usr/bin/rm guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=ce92a9f9-1700-0000-7887-b26b7c040000 pid=1148 execve guuid=ddd6e1f9-1700-0000-7887-b26b7e040000 pid=1150 /usr/bin/wget net send-data guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=ddd6e1f9-1700-0000-7887-b26b7e040000 pid=1150 execve guuid=1d070ffc-1700-0000-7887-b26b85040000 pid=1157 /usr/bin/chmod guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=1d070ffc-1700-0000-7887-b26b85040000 pid=1157 execve guuid=f8f55afc-1700-0000-7887-b26b86040000 pid=1158 /usr/bin/dash guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=f8f55afc-1700-0000-7887-b26b86040000 pid=1158 clone guuid=57a468fc-1700-0000-7887-b26b87040000 pid=1159 /usr/bin/rm guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=57a468fc-1700-0000-7887-b26b87040000 pid=1159 execve guuid=bd46adfc-1700-0000-7887-b26b88040000 pid=1160 /usr/bin/wget net send-data guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=bd46adfc-1700-0000-7887-b26b88040000 pid=1160 execve guuid=39d9eafe-1700-0000-7887-b26b8d040000 pid=1165 /usr/bin/chmod guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=39d9eafe-1700-0000-7887-b26b8d040000 pid=1165 execve guuid=654a33ff-1700-0000-7887-b26b8f040000 pid=1167 /usr/bin/dash guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=654a33ff-1700-0000-7887-b26b8f040000 pid=1167 clone guuid=b8b43eff-1700-0000-7887-b26b90040000 pid=1168 /usr/bin/rm guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=b8b43eff-1700-0000-7887-b26b90040000 pid=1168 execve guuid=4ba27fff-1700-0000-7887-b26b91040000 pid=1169 /usr/bin/rm guuid=1f6520f3-1700-0000-7887-b26b60040000 pid=1120->guuid=4ba27fff-1700-0000-7887-b26b91040000 pid=1169 execve f22fee75-ab34-540d-95fe-696883c6f4ad 130.12.180.64:80 guuid=7caac7f3-1700-0000-7887-b26b64040000 pid=1124->f22fee75-ab34-540d-95fe-696883c6f4ad send: 135B guuid=f7052af7-1700-0000-7887-b26b72040000 pid=1138->f22fee75-ab34-540d-95fe-696883c6f4ad send: 136B guuid=ddd6e1f9-1700-0000-7887-b26b7e040000 pid=1150->f22fee75-ab34-540d-95fe-696883c6f4ad send: 136B guuid=bd46adfc-1700-0000-7887-b26b88040000 pid=1160->f22fee75-ab34-540d-95fe-696883c6f4ad send: 136B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/483549a5736320eefb7790170c604f0cea21dd51270c9cf07d7fabf32eb75e13
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/483549a5736320eefb7790170c604f0cea21dd51270c9cf07d7fabf32eb75e13/
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-12-21 15:14:24 UTC
File Type:
Text (Shell)
AV detection:
12 of 36 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ja2utjltmmqo563xsalqyycpbtvcdxkre4gjz4d5p6v7glvxlyjq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/251223-lmelbasjcs/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/483549a5736320eefb7790170c604f0cea21dd51270c9cf07d7fabf32eb75e13

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Create hunting rule
Author:abuse.ch
Description:Detects suspicious Linux bash scripts
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 483549a5736320eefb7790170c604f0cea21dd51270c9cf07d7fabf32eb75e13

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3739287/
  
Delivery method
Distributed via web download

Comments