MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5d4c3f536405ae040761820b7ec39761cc425eea952a683de55c8bb8846f8ce2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 5d4c3f536405ae040761820b7ec39761cc425eea952a683de55c8bb8846f8ce2 |
|---|---|
| SHA3-384 hash: | 4ade3cfb3276b30db87ebd0ea3e0d5857659693bdf9aa517b715b1088f8e929bc8cd4bbb62259da35c4fcf1b273d57dc |
| SHA1 hash: | c8b7d753132894ddb922a99e97149eb6bd50cae8 |
| MD5 hash: | 0a0c2d1c273467e5ecccbe1222a5756e |
| humanhash: | queen-one-spaghetti-avocado |
| File name: | curl.sh |
| Download: | download sample |
| File size: | 676 bytes |
| First seen: | 2025-11-22 11:59:50 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 12:3J3LVqEKwpLVa9ohLVEFUILVTQUqLnTCUbSLFp1Lhr4LPwtEOXj:3J3kP3NQzTCsS1ywrXj |
| TLSH | T17A01F5DD4B17BAB32A2DFD2EB6618A4D0050D28C5A3E13C1BC600C6CCCD1A4231A872A |
| Magika | shell |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://31.172.87.151/arc | n/a | n/a | elf ua-wget |
| http://31.172.87.151/arm | a8cf98b8e71e4800662e5fa1f73e8f730d51989379f7080e89eb439de1aee238 | Mirai | 32-bit elf mirai Mozi |
| http://31.172.87.151/arm5 | 94d887bd9e17ef1d032b1ade397c8cdb06ad5bee97ee2acbea986815812e7833 | Mirai | elf mirai ua-wget |
| http://31.172.87.151/arm7 | 3dfeaec000f3ed10fcc5e73e4511c8fae039625abb7c3ad78bd0494b9e806248 | Mirai | elf mirai ua-wget |
| http://31.172.87.151/mips | 8ace4e3efde30f300d3c116b03ddf62b3ed8b289363f6cb97f441229b9765786 | Mirai | 32-bit elf mirai Mozi |
| http://31.172.87.151/mpsl | 1a7cc94fc56632039953e36a6c1deb26451416d9315e00ec0a930417fd443c2a | Mirai | elf mirai ua-wget |
| http://31.172.87.151/ppc | 86623fea2bd4b84059577d1af23790421a9a054f8021c3628f5f4e45feb292ef | Mirai | elf mirai ua-wget |
| http://31.172.87.151/sh4 | 1382e61009a959a78baad1ed49599c84509e99aad0f2b8aaf8aa34fecff6e61f | Mirai | elf mirai ua-wget |
Intelligence
File Origin
# of uploads :
1
# of downloads :
28
Origin country :
DEVendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
evasive mirai
Verdict:
Malicious
File Type:
text
First seen:
2025-11-22T10:32:00Z UTC
Last seen:
2025-11-23T01:18:00Z UTC
Hits:
~10
Status:
terminated
Behavior Graph:
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Document-HTML.Downloader.Heuristic
Status:
Malicious
First seen:
2025-11-22 11:54:11 UTC
File Type:
Text (Shell)
AV detection:
7 of 24 (29.17%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 5d4c3f536405ae040761820b7ec39761cc425eea952a683de55c8bb8846f8ce2
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.