MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ff3cec5132176552c3a1c7afff5f2e402a5c5aa87e616d7096e17c9da94a63b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	4ff3cec5132176552c3a1c7afff5f2e402a5c5aa87e616d7096e17c9da94a63b
SHA3-384 hash:	ff4e43ebfb0d660dd0bc398b13133a38d6371adece3ed61d18db8a103accb84402ae0869f263b230c3a85b29917326c5
SHA1 hash:	4f049ab31f01d1b0f7cae19abf54fae0f5c2d77c
MD5 hash:	85f41161a9f7fa6ac52cf0e32d682879
humanhash:	oranges-juliet-item-jig
File name:	massload
Download:	download sample
File size:	1'886 bytes
First seen:	2025-04-20 12:48:20 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:80BfpIbLmWIwfGxTTtHWvwpGxZz74s1t8HGx5D3Zsxuo3xj:80VyLmWIwSWvwoE4pJ2R
TLSH	T13741629866B2DE2AFD03AF40B1518301E887EEF12287CA66D5DD14F3C09CC287447E6B
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://95.215.108.183/skid.mips	n/a	n/a	ddos elf mirai
http://95.215.108.183/skid.mipsel	n/a	n/a	ddos elf mirai
http://95.215.108.183/skid.armv5l	9878b4183be068b638e04656a02c5679f02a5a982e472cc1c497cc654345f3b6	Mirai	ddos elf mirai
http://95.215.108.183/skid.armv7l	n/a	n/a	ddos elf mirai
http://95.215.108.183/ppc	n/a	n/a	elf ua-wget
http://95.215.108.183/sh4	n/a	n/a	elf ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6804ed45280f5f89a0d25f83linux22vpnfull_triage

Tags:

downloader mirai agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6804ed44e9c1e257979dbf66/reports/68a25ab6-879e-47b5-abcc-bf335bc459b0/overview

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/4ff3cec5132176552c3a1c7afff5f2e402a5c5aa87e616d7096e17c9da94a63b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4ff3cec5132176552c3a1c7afff5f2e402a5c5aa87e616d7096e17c9da94a63b/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-04-20 12:49:10 UTC

File Type:

Text (Shell)

AV detection:

10 of 24 (41.67%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=j7z45ritef3fklb2dr5p75ps4qbklrnkq7tbnvyjnyl4twuuuy5q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250420-p2c8ksvzcw/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4ff3cec5132176552c3a1c7afff5f2e402a5c5aa87e616d7096e17c9da94a63b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 4ff3cec5132176552c3a1c7afff5f2e402a5c5aa87e616d7096e17c9da94a63b

(this sample)

elf a6bef16e1015b9bac15bbbb795ef87e0f5cde37e13914c1766981871fda2c115

URLhaus

https://urlhaus.abuse.ch/url/3514725/

Delivery method

Distributed via web download

Dropping

MD5 b65339bd3830c7d1fe37faf34f6edc4a

Dropping

SHA256 a6bef16e1015b9bac15bbbb795ef87e0f5cde37e13914c1766981871fda2c115

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample