MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 598d29b578025ef274ae5799f1e6d76328ea6daabe242fa2cec30f7a70e5627c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	598d29b578025ef274ae5799f1e6d76328ea6daabe242fa2cec30f7a70e5627c
SHA3-384 hash:	8ee3db3ac73f616c189ba69eae3ee5c0250fe827a756178caa7a3c631b594a9b57d7e42be918085ea550688f231d9969
SHA1 hash:	3085874d91817819cb979f85ea44e745a41673a6
MD5 hash:	2f3269bde9d6fbdccdfbf3700524a875
humanhash:	north-quiet-batman-whiskey
File name:	dl18
Download:	download sample
File size:	3'741 bytes
First seen:	2025-05-02 19:02:14 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	96:CzEW9yiuqbB6RXsgZnLwkU9II58gfgBhsXFEs1/:wstOZ
TLSH	T1A271B7C803D146216202760F77F63BD49D6482F2AE774FA5F860C969B4785ACF266B1C
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://31.170.22.205/bins/whisper.armv5	55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.armv6	2b4c87240aaf767982d676933e628f8bf2957c931d906a90c88ccf3a18dc55ce	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.armv7	e97da696893a2a090ac962789c524119aacab5583df1f2074c081295a0f582e3	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.aarch64	38b7cbe9ff53cec015d67d04da59bcced70fae6c7e1d15baf95abc34035cc862	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.aarch64be	5b489dfd7395de9106468d7b92374c56d30af994b4ea06be6c77e98ba540cf6a	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.arcle750d	6001350ab65adfd7a9e0fca7560c49fc5d8f6e96939f1bdb630599e5fb902a14	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.arclehs38	1a3c8f2dbd32b05b5dc1c7ebd3b5cdaaf24fb5296978e6061671edca802a41f4	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.mips	3d0ff85391334a8130b92bf85bb1b760f7f060508a5bfaab3ff7eb9a2ca53b0a	DDoSAgent	DDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64	b8c1191781c9feb322cfcacf40f4f1d207a09af4d786e26a7455e8a36afd4a1c	DDoSAgent	DDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64le	527a822afceebc65d8926a1dd0c3c97862f3e114db26f104797c58f45a2e609c	DDoSAgent	DDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64len32	c6a1cd7348531c4c0db50ecf21f64e444b33a3ff194ed55a467adb938ec22408	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.mips64n32	90676d5a951bfb339c20472a0d3ff253767268f54be520eb6410522eeba9741e	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.mipsle	e479f82af03dd6087f688cd398fc792a6443e362c9a36348ab53a3f6ddc591a2	DDoSAgent	DDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.riscv32	45ca399bc539910e391f87bb398acac0f5c47410acb0d329ea3bf82406b3c189	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.riscv64	84dbcc96a5ede7cb185d06f1116aee3bbe07e85ab020e86b5d4bfa9dcc6e60e1	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.m68k	c304b1825bfe337bc1801440ca0bb1cda35aa96672d60952b852a5b2e3255f06	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.sh4	n/a	n/a	elf
http://31.170.22.205/bins/whisper.i686	2ba541b4a6c62619d785852c86d67829118e70a52105ef37f32010aecb64784b	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.x64	11742623bba0e1ca221814a36cd8239be94898c59fcc61c1328a6230a9981219	DDoSAgent	DDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.powerpc440fp	197455fb6ac704dea344ee392427a842c243f6919c6886965b9586424b65e00b	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e5500	1033d5f5d215d7df4d05737606f8323406eaeb9c215e1308fe48e77aba6f00f4	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e6500	a97c72cdfb63586cf2bbf84c6839b38eaf7af1a474d6f5f27af0b11f7140f067	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64lepower8	4d5ef555aac80b752223c279e28e49de774e1a68309e426095c52690a105f313	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64power8	e3ed9343357d6cb963060d7908aa2637165f89cf21a4eb8f7538bb2ddb79e54f	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce300c3	95d23e5693047c429dcf68baf9141ee074a578d08d434f6e1ae520374d0c7928	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce500mc	189b5636d5a9a46a6ed38a7fdcd6b4f063fd7abc292363ff9ef7ac77852eae49	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.sparc	25bf2d5845b6d3497bbceeeda40ba99a78e27f8ca88ec2efb690d919b4c5b8f6	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.sparc64	0e7338e304ae5c960e232d80d98edb0a281d03c974ab13c6de4b0596fd0557c9	DDoSAgent	DDoSAgent elf
http://31.170.22.205/bins/whisper.armv4	n/a	n/a	elf

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6815c16cd5cdbfe0eb68ba77linux22vpnfull_triage

Tags:

downloader mirai virus hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/681516ebc7418694c8a4a09e/reports/a4e54f4f-fcc2-4e64-83c9-9ebb48fee6d1/overview

Verdict:

Malicious

Labled as:

Bash.MiraiA.Generic

Link:

https://www.hybrid-analysis.com/sample/598d29b578025ef274ae5799f1e6d76328ea6daabe242fa2cec30f7a70e5627c

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/598d29b578025ef274ae5799f1e6d76328ea6daabe242fa2cec30f7a70e5627c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/598d29b578025ef274ae5799f1e6d76328ea6daabe242fa2cec30f7a70e5627c/

Threat name:

Script-Shell.Trojan.Geninst

Status:

Malicious

First seen:

2025-05-03 00:36:11 UTC

File Type:

Text (Shell)

AV detection:

14 of 37 (37.84%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lggstnlyajppe5fok6m7dzwxmmuou3nkxysc7iwoymhxu4hfmj6a._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/598d29b578025ef274ae5799f1e6d76328ea6daabe242fa2cec30f7a70e5627c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 598d29b578025ef274ae5799f1e6d76328ea6daabe242fa2cec30f7a70e5627c

(this sample)

DDoSAgent

elf 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

URLhaus

https://urlhaus.abuse.ch/url/3490235/

Delivery method

Distributed via web download

Dropping

MD5 2f4c13a8e22bcca551ce49a5b20245af

Dropping

SHA256 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample