MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4edbb66bd585fd86b4c6c2ee7e661b3e45b0212c5c9ec1b6347de965f2f230b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 4edbb66bd585fd86b4c6c2ee7e661b3e45b0212c5c9ec1b6347de965f2f230b2
SHA3-384 hash: 8b0b84c5191135c4a5277e16610440c92935373e5226b813c631d240aeff894de8cb4cb67bd73352d5e56bb3e0376d47
SHA1 hash: 56ecb388dc5512709bfacb4d79a210ab09c85ede
MD5 hash: 4b665e506432273332b2d3cb029c997e
humanhash: india-india-fourteen-five
File name: col.sh
File size: 5'158 bytes
First seen: 2026-04-13 18:00:42 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:IKhEcfEnsTE1OCxACxm5FbTvXRtnfB9/HrZ:dz
TLSH: T15EB1B4C812A354747DF68E6372698A28B9C9B182DDC58F80D4EDF4F5588CF08BD416B3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-04-13T12:31:00Z UTC
Last seen: 2026-04-13T23:54:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2026-04-13 18:01:13 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 4edbb66bd585fd86b4c6c2ee7e661b3e45b0212c5c9ec1b6347de965f2f230b2

(this sample)

Delivery method: Distributed via web download

Comments