MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6257c5693b0768470c5a1a0ea7c8efa9feb6dcda395ea8c768fef11b458ee7ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 6257c5693b0768470c5a1a0ea7c8efa9feb6dcda395ea8c768fef11b458ee7ea
SHA3-384 hash: 3b384ddfaaa26363fd5a1f92735814ebefb408fb31b310e46164b6da0b34e8c554c6a380b3ce2219f1b8b175b20bbbf6
SHA1 hash: d0318832cb573cd4ea4d2182bc3811291ce33022
MD5 hash: 9c67eb69320df4996f67f577a55fdd47
humanhash: mike-johnny-fish-robert
File name: cat.sh
File size: 973 bytes
First seen: 2026-05-09 12:50:58 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:gGqQomGqfomGq+omGqd4OomGqdomGq2omGqZomGqx0omGqKRKuomGqFomGqU1uoD:guLoiw1Qx0CRKQdGQ+PBbv
TLSH T14A1126ED19B794B7C023CA42B3A5C8C9D28C97D03BE49E3964840E73748DE41BE35B4A
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai
Verdict: Malicious
File Type: ps1
First seen: 2026-05-09T09:57:00Z UTC
Last seen: 2026-05-11T01:34:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.cl, HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2026-05-09 12:51:43 UTC
File Type: Text (Shell)
AV detection: 11 of 24 (45.83%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 6257c5693b0768470c5a1a0ea7c8efa9feb6dcda395ea8c768fef11b458ee7ea

(this sample)

  
Delivery method: Distributed via web download
