MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52c67e8242c7e08c69cf616ea517ecd2a37b7a0ffce408744560ba91371a286f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 52c67e8242c7e08c69cf616ea517ecd2a37b7a0ffce408744560ba91371a286f
SHA3-384 hash: a8eb759724b2502c66ef44184eeb19fa6e7ee545ba1d39cd1c4c6dddc7a856c0e4016e0915facd88a66b90bd87fe7d19
SHA1 hash: 1b8441b3450e6bc1f947e62d35e865084987f413
MD5 hash: a0a6e601c989e1afc082f70fb4a77629
humanhash: maine-charlie-sixteen-indigo
File name: and
File size: 3'543 bytes
First seen: 2025-04-01 13:46:13 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:xwEsWXTfp1AgzpxgIrVdhs41asKcKE1O7DwOF77vBH8:L31Ag71V044sSO
TLSH: T1DA711ACB2363B92D0A8FC48076D5860A75117ED3F08A2758D55812736947EADF4E4FDC
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE

Vendor Threat Intelligence

Threat name: Script-Shell.Trojan.Alevaul
Status: Malicious
First seen: 2025-04-01 15:03:15 UTC
File Type: Text (Shell)
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 52c67e8242c7e08c69cf616ea517ecd2a37b7a0ffce408744560ba91371a286f (this sample)

Delivery method: Distributed via web download
