MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5273878a02fc3de5576f27dca29eb0f8a415066aa341cc819a9177bedb3d5378. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 5273878a02fc3de5576f27dca29eb0f8a415066aa341cc819a9177bedb3d5378
SHA3-384 hash: e10c0c0d948b49f2cc97ce2609818ba0f966c827366f0e553da9e8c7cee1a25ec4f32746d498b235fdfbd7f189b750ce
SHA1 hash: 66664c6d7553e302fc0bb89974475d429533bd7e
MD5 hash: e5cd8f90bf54e855b5e5e5d1445d711e
humanhash: artist-quiet-king-avocado
File name: wget.sh
File size: 392 bytes
First seen: 2026-02-18 19:06:06 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 6:hMfchX9+kEDdqaIuOA9yDB2/vXUgoDu/fMhU+Q7ZYLdyr:ua/MIuz9yd2nXeDuHMUn
TLSH T103E0D8C9059B44E141881D6B72BBD40C99C6878ECE019EB8BCBE7067A758B08A1C6180
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Result
Gathering data
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 2453) -> execve -> /tmp/sample.bin (pid 2460)
/tmp/sample.bin (pid 2460) -> execve -> /usr/bin/rm (pid 2462)
/tmp/sample.bin (pid 2460) -> execve -> /usr/bin/wget (pid 2465) [net, send-data, write-file]
/tmp/sample.bin (pid 2460) -> execve -> /usr/bin/chmod (pid 3050)
/tmp/sample.bin (pid 2460) -> clone -> /usr/bin/dash (pid 3052)
/tmp/sample.bin (pid 2460) -> execve -> /usr/bin/wget (pid 3058) [net, send-data, write-file]
/usr/bin/wget (pid 2465) -> 103.251.236.118:80 (send: 145B)
/usr/bin/wget (pid 3058) -> 103.251.236.118:80 (send: 145B)
Threat name: Linux.Trojan.Dakkatoni
Status: Malicious
First seen: 2026-02-18 19:10:54 UTC
AV detection: 15 of 38 (39.47%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour
System Network Configuration Discovery
Writes file to tmp directory
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 5273878a02fc3de5576f27dca29eb0f8a415066aa341cc819a9177bedb3d5378

(this sample)

Comments