MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684
SHA3-384 hash: 51dbe490cf2c069c14c009ad9073b889e3cab9725da309ba7adadef1537de6c466f06f0599f6bc120761cd1bb442c068
SHA1 hash: a9f789c76dbe277b76ae2e9710f3008bedbb3b67
MD5 hash: 0c91d447ac915e414946a3e9f9e895bd
humanhash: white-moon-neptune-thirteen
File name:5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684.sh
Download: download sample
File size:11'972 bytes
First seen:2026-02-22 13:20:31 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 96:cCuolB6csht+O+v1fsn+h4+tIiKkC1ymysuKNpUj4waYvjKlWXaEXHArCAr8ywiW:cCua6p4hvZ5mN9oKNpivAwRt
TLSH T14732667B21F08B32D7D410C963B61A614E72A70B496614B9F4FE5739AF2DA0370E7B21
Magika xml
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://185.132.125.229/av.shn/an/an/a
http://194.156.102.210/bins/bins.shn/an/an/a
http://2.192.102.162:81/bins/bins.shn/an/an/a
http://156.248.148.165:81/hiddenbin/dvr1.shn/an/aelf ua-wget
http://hxipzknrsojnitzv.zip/bins/bins.sh652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975 Miraibotnetdomain mirai opendir sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
33
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive mirai
Link:
https://www.filescan.io/uploads/699b039b10e80629d4ed2ff9/reports/e37eda40-8cdf-4b1e-b422-441a687774dd/overview
Result
Gathering data
Verdict:
Malicious
File Type:
text
Detections:
HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/2b7eb604-ffd6-4e27-8fd8-8a645e25b514
Behavior Graph:
Download SVG
%3 guuid=eeae09ff-2000-0000-de04-8f74650b0000 pid=2917 /usr/bin/sudo guuid=26d3f301-2100-0000-de04-8f74660b0000 pid=2918 /tmp/sample.bin guuid=eeae09ff-2000-0000-de04-8f74650b0000 pid=2917->guuid=26d3f301-2100-0000-de04-8f74660b0000 pid=2918 execve
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lsgdiui6wkag3okeg63rkust7j2qgqrnuobj6pz2soi7nl55q2ca._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260222-qm4mnadw4e/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 5c8c34511eb2806db94437b7155253fa7503422da3829f3f3a9391f6afbd8684

(this sample)

Mirai

sh 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

  
URLhaus
https://urlhaus.abuse.ch/url/3783362/
  
Delivery method
Distributed via web download
  
Dropping
MD5 b8264a3c5d5897320cf7549c149e0052
  
Dropping
SHA256 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

Comments